diff options
author | Stanislav Malyshev <stas@php.net> | 2015-04-14 00:51:14 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-04-14 01:05:01 -0700 |
commit | 5776fceb16597d9ce686a01c1b72eac155b9741b (patch) | |
tree | da7009cf416f912e654a9bb1614ac781e04fdc47 /ext/curl/interface.c | |
parent | dc0f2a5bad109ff356900def1a35385bd87ca54a (diff) | |
parent | 4782ceea8073b16101058636479e00cc4302d07e (diff) | |
download | php-git-5776fceb16597d9ce686a01c1b72eac155b9741b.tar.gz |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
Diffstat (limited to 'ext/curl/interface.c')
-rw-r--r-- | ext/curl/interface.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c index a7b68dfe17..1ada79b850 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1346,6 +1346,7 @@ static size_t curl_write(char *data, size_t size, size_t nmemb, void *ctx) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not call the CURLOPT_WRITEFUNCTION"); length = -1; } else if (retval_ptr) { + _php_curl_verify_handlers(ch, 1 TSRMLS_CC); if (Z_TYPE_P(retval_ptr) != IS_LONG) { convert_to_long_ex(&retval_ptr); } @@ -1411,6 +1412,7 @@ static int curl_fnmatch(void *ctx, const char *pattern, const char *string) if (error == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot call the CURLOPT_FNMATCH_FUNCTION"); } else if (retval_ptr) { + _php_curl_verify_handlers(ch, 1 TSRMLS_CC); if (Z_TYPE_P(retval_ptr) != IS_LONG) { convert_to_long_ex(&retval_ptr); } @@ -1489,6 +1491,7 @@ static size_t curl_progress(void *clientp, double dltotal, double dlnow, double if (error == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot call the CURLOPT_PROGRESSFUNCTION"); } else if (retval_ptr) { + _php_curl_verify_handlers(ch, 1 TSRMLS_CC); if (Z_TYPE_P(retval_ptr) != IS_LONG) { convert_to_long_ex(&retval_ptr); } @@ -1566,6 +1569,7 @@ static size_t curl_read(char *data, size_t size, size_t nmemb, void *ctx) length = CURL_READFUNC_ABORT; #endif } else if (retval_ptr) { + _php_curl_verify_handlers(ch, 1 TSRMLS_CC); if (Z_TYPE_P(retval_ptr) == IS_STRING) { length = MIN((int) (size * nmemb), Z_STRLEN_P(retval_ptr)); memcpy(data, Z_STRVAL_P(retval_ptr), length); @@ -1640,6 +1644,7 @@ static size_t curl_write_header(char *data, size_t size, size_t nmemb, void *ctx php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not call the CURLOPT_HEADERFUNCTION"); length = -1; } else if (retval_ptr) { + _php_curl_verify_handlers(ch, 1 TSRMLS_CC); if (Z_TYPE_P(retval_ptr) != IS_LONG) { convert_to_long_ex(&retval_ptr); } |