Theodore Brown [Thu, 9 May 2019 19:19:52 +0000 (14:19 -0500)]
Fix #77993: Wrong parse error for invalid hex literal on Windows
If a PHP file contains an invalid hex literal such as `0x_10`, the expected error
is `Parse error: syntax error, unexpected 'x_10' (T_STRING) in %s on line %d`.
This already worked correctly on Linux, but on Windows prior to this patch a different
error was produced: `Parse error: Invalid numeric literal in %s on line %d`.
Since PHP strings are binary safe (i.e. they may contain NUL bytes), we
must not assume that strlen()/wcslen() actually return the length of
the string. Only if the given in_len is zero is it safe to assert
this.
Several tests use `/tmp` in the `--INI--` section, but this is not
portable. We therefore introduce the `{TMP}` placeholder which
evaluates to the system's temporary directory using
`sys_get_temp_dir()`.
We also remove the doubtful `strpos()` optimization.
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base is not a normal situation, so we better not
rely on such dir_entry.
Fix #77821: Potential heap corruption in TSendMail()
`zend_string_tolower()` returns a copy (not a duplicate) of the given
string, if it is already in lower case. In this case we must not
`zend_string_free()` both strings. The cleanest solution is to call
`zend_string_release()` on both strings, which properly handles the
refcount.
Fix #77943: imageantialias($image, false); does not work
Firstly, we must not call `gdImageSetAntiAliased()` (which sets the
color to anti-alias), but rather modify the `gdImage.AA` flag.
Furthermore, we have to actually use the supplied boolean value.
We also make sure that we don't attempt to enable anti-aliasing for
palette images.
These tests are obviously meant to test successful and failing uri:
DSNs, but did not pass proper file:// URIs, so actually ended up
testing for invalid data source URIs twice. We fix this, and adjust
the expectations accordingly.
We also unfork the -win32 variant, since both test cases are almost
identical, and the expected error message may be either one.
MySQL/MariaDB version strings may have suffixes which may contain dots;
for instance, Debian stretch has 5.5.5-10.1.37-MariaDB-0+deb9u1 or
such. Therefore, we make the version extraction more liberal, and only
require that there are at least three parts separated by dot, and
ignore additional parts.
We also fix an erroneous test expectation, which would be triggered on
CI now, right away. This patch has been provided by petk@.
Fix #77944: Wrong meta pdo_type for bigint on LLP64
When actually fetching the data, bigint (unsigned) column values are
returned as integers on LLP64 architectures, so their pdo_type has to
be PDO::PARAM_INT accordingly.
Peter Kokot [Sat, 20 Apr 2019 17:00:51 +0000 (19:00 +0200)]
Fix #77921: static.php.net doesn't work anymore
This embeds the PHP logo image in the FPM status HTML page instead of
using a remote location. The phpinfo() output also uses such an approach
and browser compatibility looks decent [1].
Fix pgsql use after free trying to reuse closed connection
When a connection is closed, we also need to remove the hash entry
from the regular_list, as it now points to freed memory. To do this,
store a reverse mapping from the connection to the hash string.
It would be nicer to introduce a wrapping structure for the pgsql
link resource that could store the hash (and notices), but that would
require large changes to the extension, so I'm going for a more
minimal fix here.
Always use ZEND_SECURE_ZERO() when cleaning up data
Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
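The dead-store problem this commit message describes, as an added C example that is not part of the commit or of PHP's source. `secure_zero()`, `struct session` and the other names are hypothetical; the volatile function pointer is one common way to keep a wipe from being optimized away, not necessarily how `ZEND_SECURE_ZERO()` is implemented.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in, not PHP's ZEND_SECURE_ZERO(): memset is reached
 * through a volatile function pointer, so the compiler must load it at
 * run time and cannot drop the call as a dead store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    if (p != NULL) memset_ptr(p, 0, n);
}

struct session { unsigned char key[32]; };  /* hypothetical key holder */

/* Weak: nothing reads s->key between memset() and free(), so an
 * optimizing compiler is allowed to remove the memset. */
void session_free_weak(struct session *s)
{
    if (s == NULL) return;
    memset(s->key, 0, sizeof s->key);
    free(s);
}

/* Hardened: the wipe goes through secure_zero() before the memory is freed. */
void session_free(struct session *s)
{
    if (s == NULL) return;
    secure_zero(s, sizeof *s);
    free(s);
}

/* Number of nonzero bytes left in buf; 0 means fully wiped. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++)
        left += (buf[i] != 0);
    return left;
}
/* Wipe a constructed secret on the stack and report the residue. */
size_t demo_wipe(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);   /* constructed sample secret */
    secure_zero(key, sizeof key);
    return count_nonzero(key, sizeof key);
}
```

Comparing the optimized assembly of `session_free_weak()` and `session_free()` (for example with `-O2 -S`) is a quick way to check whether a given compiler keeps each wipe.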
The `W32_SM_SENDMAIL_FROM_MALFORMED` error message will only be shown
if the `$additional_headers` parameter is passed to `mail`, which is
not the case for this test. Instead we have to expect `BAD_MSG_RPATH`.
* PHP-7.1:
Validate subject encoding in mb_split and mb_ereg_match
Validate pattern against mbregex encoding
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
Nikita Popov [Mon, 11 Feb 2019 11:10:40 +0000 (12:10 +0100)]
Validate pattern against mbregex encoding
Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
Niklas Keller [Sun, 24 Mar 2019 18:39:25 +0000 (19:39 +0100)]
Fix #77794: Incorrect Date header format in built-in server
- Fix the date format to be compliant with https://tools.ietf.org/html/rfc7231#section-7.1.1.2
- Fix date format length and use GMT time
- Previously, local time was used instead of GMT.
- Remove extra whitespace
- Simplify string appends in php_cli_server.c