diff options
author | Stefan Esser <sesser@php.net> | 2004-07-21 16:25:37 +0000 |
---|---|---|
committer | Stefan Esser <sesser@php.net> | 2004-07-21 16:25:37 +0000 |
commit | 42a50158bcbae898bf7b915a70f04d093935e5e5 (patch) | |
tree | aff030e2a0f5c164365aabe9a090585f554b83b4 | |
parent | 6957c8ab5a0eff7026ba5be568b8c6d900ed6d1f (diff) | |
download | php-git-42a50158bcbae898bf7b915a70f04d093935e5e5.tar.gz |
Merge all not yet merged security fixes into the 4_3 branch
-rw-r--r-- | ext/mssql/php_mssql.c | 1 | ||||
-rw-r--r-- | ext/session/session.c | 7 | ||||
-rw-r--r-- | ext/sybase/php_sybase_db.c | 2 | ||||
-rw-r--r-- | ext/sybase_ct/php_sybase_ct.c | 2 | ||||
-rw-r--r-- | ext/w32api/w32api.c | 25 | ||||
-rw-r--r-- | main/main.c | 15 | ||||
-rw-r--r-- | main/rfc1867.c | 7 | ||||
-rw-r--r-- | sapi/apache/mod_php4.c | 17 |
8 files changed, 48 insertions, 28 deletions
diff --git a/ext/mssql/php_mssql.c b/ext/mssql/php_mssql.c index 7e9d28f8fe..489c655328 100644 --- a/ext/mssql/php_mssql.c +++ b/ext/mssql/php_mssql.c @@ -344,6 +344,7 @@ PHP_RINIT_FUNCTION(mssql) PHP_RSHUTDOWN_FUNCTION(mssql) { STR_FREE(MS_SQL_G(appname)); + MS_SQL_G(appname) = NULL; if (MS_SQL_G(server_message)) { STR_FREE(MS_SQL_G(server_message)); MS_SQL_G(server_message) = NULL; diff --git a/ext/session/session.c b/ext/session/session.c index 7098f1d442..67fe998b7a 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -503,13 +503,16 @@ break_outer_loop: static void php_session_track_init(TSRMLS_D) { + zval *session_vars = NULL; + /* Unconditionally destroy existing arrays -- possible dirty data */ zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")); zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION")); - MAKE_STD_ZVAL(PS(http_session_vars)); - array_init(PS(http_session_vars)); + MAKE_STD_ZVAL(session_vars); + array_init(session_vars); + PS(http_session_vars) = session_vars; ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1); ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); diff --git a/ext/sybase/php_sybase_db.c b/ext/sybase/php_sybase_db.c index 2d90e611a1..7aadcfb70b 100644 --- a/ext/sybase/php_sybase_db.c +++ b/ext/sybase/php_sybase_db.c @@ -297,7 +297,9 @@ PHP_MSHUTDOWN_FUNCTION(sybase) PHP_RSHUTDOWN_FUNCTION(sybase) { efree(php_sybase_module.appname); + php_sybase_module.appname = NULL; STR_FREE(php_sybase_module.server_message); + php_sybase_module.server_message = NULL; return SUCCESS; } diff --git a/ext/sybase_ct/php_sybase_ct.c b/ext/sybase_ct/php_sybase_ct.c index b0bb7fe548..06101ddad1 100644 --- a/ext/sybase_ct/php_sybase_ct.c +++ b/ext/sybase_ct/php_sybase_ct.c @@ -458,11 +458,13 @@ PHP_MSHUTDOWN_FUNCTION(sybase) PHP_RSHUTDOWN_FUNCTION(sybase) { efree(SybCtG(appname)); + SybCtG(appname) = NULL; if (SybCtG(callback_name)) { zval_ptr_dtor(&SybCtG(callback_name)); SybCtG(callback_name)= NULL; } STR_FREE(SybCtG(server_message)); + SybCtG(server_message) = NULL; return SUCCESS; } diff --git a/ext/w32api/w32api.c b/ext/w32api/w32api.c index 4945ef10dc..072ab1d800 100644 --- a/ext/w32api/w32api.c +++ b/ext/w32api/w32api.c @@ -290,20 +290,26 @@ PHP_MSHUTDOWN_FUNCTION(w32api) */ PHP_RINIT_FUNCTION(w32api) { + HashTable *tmp; + WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; + /* Allocate Request Specific HT's here */ - ALLOC_HASHTABLE(WG(funcs)); - zend_hash_init(WG(funcs), 1, NULL, php_w32api_hash_func_dtor, 1); - - ALLOC_HASHTABLE(WG(libraries)); - zend_hash_init(WG(libraries), 1, NULL, php_w32api_hash_lib_dtor, 1); + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_func_dtor, 1); + WG(funcs) = tmp; - ALLOC_HASHTABLE(WG(callbacks)); - zend_hash_init(WG(callbacks), 1, NULL, php_w32api_hash_callback_dtor, 1); + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_lib_dtor, 1); + WG(libraries) = tmp; - ALLOC_HASHTABLE(WG(types)); - zend_hash_init(WG(types), 1, NULL, php_w32api_hash_type_dtor, 1); + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_callback_dtor, 1); + WG(callbacks) = tmp; + ALLOC_HASHTABLE(tmp); + zend_hash_init(tmp, 1, NULL, php_w32api_hash_type_dtor, 1); + WG(types) = tmp; return SUCCESS; @@ -330,6 +336,7 @@ PHP_RSHUTDOWN_FUNCTION(w32api) zend_hash_destroy(WG(types)); FREE_HASHTABLE(WG(types)); + WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; return SUCCESS; } diff --git a/main/main.c b/main/main.c index 9b53c530f6..a3a93e3bb2 100644 --- a/main/main.c +++ b/main/main.c @@ -1369,6 +1369,7 @@ static int php_hash_environment(TSRMLS_D) int _gpc_flags[5] = {0, 0, 0, 0, 0}; zend_bool have_variables_order; zval *dummy_track_vars_array = NULL; + zval *env_vars = NULL; zend_bool initialized_dummy_track_vars_array=0; int i; char *variables_order; @@ -1401,9 +1402,10 @@ static int php_hash_environment(TSRMLS_D) } else { variables_order = PG(gpc_order); have_variables_order=0; - ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); - array_init(PG(http_globals)[TRACK_VARS_ENV]); - INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); + ALLOC_ZVAL(env_vars); + array_init(env_vars); + INIT_PZVAL(env_vars); + PG(http_globals)[TRACK_VARS_ENV] = env_vars; php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); if (PG(register_globals)) { php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); @@ -1446,9 +1448,10 @@ static int php_hash_environment(TSRMLS_D) case 'E': if (!_gpc_flags[3]) { if (have_variables_order) { - ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); - array_init(PG(http_globals)[TRACK_VARS_ENV]); - INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); + ALLOC_ZVAL(env_vars); + array_init(env_vars); + INIT_PZVAL(env_vars); + PG(http_globals)[TRACK_VARS_ENV] = env_vars; php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); if (PG(register_globals)) { php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); diff --git a/main/rfc1867.c b/main/rfc1867.c index 91c23b6ba1..c37a711ce0 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -760,7 +760,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0; - zval *http_post_files=NULL; + zval *http_post_files=NULL; HashTable *uploaded_files=NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; @@ -811,8 +811,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* Initialize $_FILES[] */ zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0); - ALLOC_HASHTABLE(SG(rfc1867_uploaded_files)); - zend_hash_init(SG(rfc1867_uploaded_files), 5, NULL, (dtor_func_t) free_estring, 0); + ALLOC_HASHTABLE(uploaded_files); + zend_hash_init(uploaded_files, 5, NULL, (dtor_func_t) free_estring, 0); + SG(rfc1867_uploaded_files) = uploaded_files; ALLOC_ZVAL(http_post_files); array_init(http_post_files); diff --git a/sapi/apache/mod_php4.c b/sapi/apache/mod_php4.c index ac313c75d5..0851177098 100644 --- a/sapi/apache/mod_php4.c +++ b/sapi/apache/mod_php4.c @@ -465,7 +465,7 @@ static void init_request_info(TSRMLS_D) request_rec *r = ((request_rec *) SG(server_context)); char *content_length = (char *) table_get(r->subprocess_env, "CONTENT_LENGTH"); const char *authorization=NULL; - char *tmp; + char *tmp, *tmp_user; SG(request_info).query_string = r->args; SG(request_info).path_translated = r->filename; @@ -482,15 +482,16 @@ static void init_request_info(TSRMLS_D) && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r))) && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) { tmp = uudecode(r->pool, authorization); - SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':'); - if (SG(request_info).auth_user) { - r->connection->user = pstrdup(r->connection->pool, SG(request_info).auth_user); + tmp_user = getword_nulls_nc(r->pool, &tmp, ':'); + SG(request_info).auth_user = NULL; + if (tmp_user) { + r->connection->user = pstrdup(r->connection->pool, tmp_user); r->connection->ap_auth_type = "Basic"; - SG(request_info).auth_user = estrdup(SG(request_info).auth_user); + SG(request_info).auth_user = estrdup(tmp_user); } - SG(request_info).auth_password = tmp; - if (SG(request_info).auth_password) { - SG(request_info).auth_password = estrdup(SG(request_info).auth_password); + SG(request_info).auth_password = NULL; + if (tmp) { + SG(request_info).auth_password = estrdup(tmp); } } else { SG(request_info).auth_user = NULL; |