authorStanislav Malyshev <stas@php.net>2015-04-14 01:20:31 -0700
committerStanislav Malyshev <stas@php.net>2015-04-14 01:28:06 -0700
commitb3709bfc52fa60acef1376dbff9ec09f52ed8a5a (patch)
treebff6fc91f50d11fcf9e4f6c3f6a9321aca3a305d /ext/curl/interface.c
parentcddb5eb3e9ff3af9fdff8b849bae67e4d3c7bd03 (diff)
parent5776fceb16597d9ce686a01c1b72eac155b9741b (diff)
Merge branch 'PHP-5.6'
* PHP-5.6: (27 commits) fix non-standard C update NEWS 5.4.41 next fix CVE num update NEWS Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) fix test fix type in fix for #69085 fix memory leak & add test Fix tests fix CVE num Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) Fix test Additional fix for bug #69324 More fixes for bug #69152 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) ... Conflicts: Zend/zend_exceptions.c ext/curl/interface.c ext/dom/document.c ext/fileinfo/libmagic/softmagic.c ext/gd/gd.c ext/hash/hash.c ext/pgsql/pgsql.c ext/phar/phar.c ext/phar/phar_internal.h ext/standard/http_fopen_wrapper.c ext/standard/link.c ext/standard/streamsfuncs.c ext/xmlwriter/php_xmlwriter.c ext/zlib/zlib.c
Diffstat (limited to 'ext/curl/interface.c')
-rw-r--r--ext/curl/interface.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index a51c03f47f..bf8d2f00eb 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1345,6 +1345,7 @@ static size_t curl_write(char *data, size_t size, size_t nmemb, void *ctx)
php_error_docref(NULL, E_WARNING, "Could not call the CURLOPT_WRITEFUNCTION");
length = -1;
} else if (!Z_ISUNDEF(retval)) {
+ _php_curl_verify_handlers(ch, 1);
if (Z_TYPE(retval) != IS_LONG) {
convert_to_long_ex(&retval);
}
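Review bot: The added `_php_curl_verify_handlers(ch, 1);` sits inside `else if (!Z_ISUNDEF(retval))`, so a callback that ran but left `retval` undefined (presumably the case when it throws) skips the re-validation; the same placement is repeated in the curl_fnmatch, curl_progress, curl_read and curl_write_header hunks. If the intent is to re-check the handle's streams after any user callback has run, as the merged fix for bug #69316 suggests, the call belongs on every path where the call itself did not fail: `} else {`, `_php_curl_verify_handlers(ch, 1);`, `if (!Z_ISUNDEF(retval)) {`. A one-line comment above the call would also help, for example `/* user callback may have closed streams attached to this handle; re-validate before libcurl touches them */`, since neither the bare `1` argument nor the reason for the call is evident at the call site. The function bodies start and end outside the hunks, so what happens to `length` when `retval` is undefined is not visible here.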
@@ -1397,6 +1398,7 @@ static int curl_fnmatch(void *ctx, const char *pattern, const char *string)
if (error == FAILURE) {
php_error_docref(NULL, E_WARNING, "Cannot call the CURLOPT_FNMATCH_FUNCTION");
} else if (!Z_ISUNDEF(retval)) {
+ _php_curl_verify_handlers(ch, 1);
if (Z_TYPE(retval) != IS_LONG) {
convert_to_long_ex(&retval);
}
@@ -1456,6 +1458,7 @@ static size_t curl_progress(void *clientp, double dltotal, double dlnow, double
if (error == FAILURE) {
php_error_docref(NULL, E_WARNING, "Cannot call the CURLOPT_PROGRESSFUNCTION");
} else if (!Z_ISUNDEF(retval)) {
+ _php_curl_verify_handlers(ch, 1);
if (Z_TYPE(retval) != IS_LONG) {
convert_to_long_ex(&retval);
}
@@ -1524,6 +1527,7 @@ static size_t curl_read(char *data, size_t size, size_t nmemb, void *ctx)
length = CURL_READFUNC_ABORT;
#endif
} else if (!Z_ISUNDEF(retval)) {
+ _php_curl_verify_handlers(ch, 1);
if (Z_TYPE(retval) == IS_STRING) {
length = MIN((int) (size * nmemb), Z_STRLEN(retval));
memcpy(data, Z_STRVAL(retval), length);
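Review bot: The copy length two lines below the added call is computed as `MIN((int) (size * nmemb), Z_STRLEN(retval))`, and the `(int)` cast narrows a `size_t` product before it bounds the `memcpy` into `data`. If the product ever exceeded `INT_MAX`, the bound would no longer reflect the buffer size; libcurl's buffers are normally far smaller, so this is a hardening point rather than a demonstrated fault. Keeping the comparison in `size_t`, `length = MIN(size * nmemb, (size_t) Z_STRLEN(retval));`, removes the narrowing, assuming `length` (declared outside the hunk) is wide enough. The `if (Z_TYPE(retval) == IS_STRING)` block is cut off at the end of the hunk.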
@@ -1589,6 +1593,7 @@ static size_t curl_write_header(char *data, size_t size, size_t nmemb, void *ctx
php_error_docref(NULL, E_WARNING, "Could not call the CURLOPT_HEADERFUNCTION");
length = -1;
} else if (!Z_ISUNDEF(retval)) {
+ _php_curl_verify_handlers(ch, 1);
if (Z_TYPE(retval) != IS_LONG) {
convert_to_long_ex(&retval);
}