-rw-r--r--NEWS7
-rw-r--r--ext/pdo_mysql/mysql_driver.c26
-rw-r--r--ext/pdo_mysql/tests/bug71569.phpt23
-rw-r--r--ext/sqlite3/sqlite3.c3
-rw-r--r--ext/standard/string.c2
-rw-r--r--sapi/cli/php_cli_server.c13
6 files changed, 59 insertions, 15 deletions
diff --git a/NEWS b/NEWS
index a13c4b2d54..a7760dac09 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ PHP NEWS
. Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
while curl_multi_exec). (Laruence)
+- CLI server:
+ . Bug #71559 (Built-in HTTP server, we can download file in web by bug).
+ (Johannes, Anatol)
+
- Date:
. Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan
Zijderveld)
@@ -17,6 +21,9 @@ PHP NEWS
. Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
setup). (Matt Haught, Remi)
+- PDO MySQL:
+ . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)
+
- Standard:
. Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 003a0c33be..e82fdf46db 100644
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -658,31 +658,31 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
init_cmd = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_INIT_COMMAND, NULL TSRMLS_CC);
if (init_cmd) {
if (mysql_options(H->server, MYSQL_INIT_COMMAND, (const char *)init_cmd)) {
- efree(init_cmd);
+ str_efree(init_cmd);
pdo_mysql_error(dbh);
goto cleanup;
}
- efree(init_cmd);
+ str_efree(init_cmd);
}
#ifndef PDO_USE_MYSQLND
default_file = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_FILE, NULL TSRMLS_CC);
if (default_file) {
if (mysql_options(H->server, MYSQL_READ_DEFAULT_FILE, (const char *)default_file)) {
- efree(default_file);
+ str_efree(default_file);
pdo_mysql_error(dbh);
goto cleanup;
}
- efree(default_file);
+ str_efree(default_file);
}
default_group= pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_GROUP, NULL TSRMLS_CC);
if (default_group) {
if (mysql_options(H->server, MYSQL_READ_DEFAULT_GROUP, (const char *)default_group)) {
- efree(default_group);
+ str_efree(default_group);
pdo_mysql_error(dbh);
goto cleanup;
}
- efree(default_group);
+ str_efree(default_group);
}
#endif
compress = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_COMPRESS, 0 TSRMLS_CC);
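Review bot: Nothing at these call sites says why `efree` became `str_efree`, so a later cleanup could easily revert it; the same applies to the SSL-option and `public_key` hunks further down. Judging by the accompanying test, which passes `null` for the init command, pdo_attr_strval() can presumably hand back an interned string that must not be freed; that helper is not visible here, so this should be confirmed. A one-line comment at the first use would record it, for example `/* pdo_attr_strval() may return an interned string; str_efree() skips those */`. If that reading is right, other callers of pdo_attr_strval() outside this file may need the same treatment. pdo_mysql_handle_factory starts and ends outside the hunk.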
@@ -702,19 +702,19 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher) {
mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
if (ssl_key) {
- efree(ssl_key);
+ str_efree(ssl_key);
}
if (ssl_cert) {
- efree(ssl_cert);
+ str_efree(ssl_cert);
}
if (ssl_ca) {
- efree(ssl_ca);
+ str_efree(ssl_ca);
}
if (ssl_capath) {
- efree(ssl_capath);
+ str_efree(ssl_capath);
}
if (ssl_cipher) {
- efree(ssl_cipher);
+ str_efree(ssl_cipher);
}
}
@@ -724,10 +724,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
if (public_key) {
if (mysql_options(H->server, MYSQL_SERVER_PUBLIC_KEY, public_key)) {
pdo_mysql_error(dbh);
- efree(public_key);
+ str_efree(public_key);
goto cleanup;
}
- efree(public_key);
+ str_efree(public_key);
}
}
#endif
diff --git a/ext/pdo_mysql/tests/bug71569.phpt b/ext/pdo_mysql/tests/bug71569.phpt
new file mode 100644
index 0000000000..32c14b4622
--- /dev/null
+++ b/ext/pdo_mysql/tests/bug71569.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #71569 (#70389 fix causes segmentation fault)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+?>
+--FILE--
+<?php
+require(dirname(__FILE__). DIRECTORY_SEPARATOR . 'config.inc');
+
+try {
+ new PDO(PDO_MYSQL_TEST_DSN, PDO_MYSQL_TEST_USER, PDO_MYSQL_TEST_PASS, [
+ PDO::MYSQL_ATTR_INIT_COMMAND => null,
+ ]);
+} catch (PDOException $e) {
+ echo $e->getMessage();
+}
+
+?>
+--EXPECT--
+SQLSTATE[42000] [1065] Query was empty
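Review bot: The test covers only `PDO::MYSQL_ATTR_INIT_COMMAND => null`, while the driver change in this commit alters the frees for the default-file, default-group, SSL and server-public-key options too. A second case that passes `null` for one of the SSL attributes would exercise the `str_efree` calls that have no error path in front of them. The `--EXPECT--` section pins the server's message text `Query was empty`; `--EXPECTF--` with a looser pattern would be more tolerant if that wording differs between server versions.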
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index f7f76cd3fb..ce9472a714 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -123,7 +123,8 @@ PHP_METHOD(sqlite3, open)
if (strlen(filename) != filename_len) {
return;
}
- if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
+ if (filename_len != sizeof(":memory:")-1 ||
+ memcmp(filename, ":memory:", sizeof(":memory:")-1) != 0) {
if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
zend_throw_exception(zend_exception_get_default(TSRMLS_C), "Unable to expand filepath", 0 TSRMLS_CC);
return;
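Review bot: The two-part comparison repeats `sizeof(":memory:")-1` and can be written more simply. The `strlen(filename) != filename_len` guard just above has already rejected embedded NUL bytes, so the condition is equivalent to `if (strcmp(filename, ":memory:") != 0) {`. If the explicit length test is kept, a short comment should say that it prevents memcmp from reading past a filename shorter than the literal, since that is the reason for the change. The diffstat shows no test for this file; one that opens a short name such as `":"` would pin the behaviour. The body of PHP_METHOD(sqlite3, open) continues outside the hunk.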
diff --git a/ext/standard/string.c b/ext/standard/string.c
index bcfc3b6181..d5f83e7d0f 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4822,7 +4822,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
* state == 2 (PHP). Switch back to HTML.
*/
- if (state == 2 && p > buf+2 && strncasecmp(p-4, "<?xm", 4) == 0) {
+ if (state == 2 && p > buf+4 && strncasecmp(p-4, "<?xm", 4) == 0) {
state = 1; is_xml=1;
break;
}
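Review bot: The new bound `p > buf+4` is one stricter than the read needs. `strncasecmp(p-4, "<?xm", 4)` touches `p-4` through `p-1`, which is in bounds as soon as `p >= buf+4`. As written, the branch is skipped when the four bytes start exactly at `buf`, so input that begins with this sequence at offset 0 appears to stay in state 2. If that is not intended, the condition should be `if (state == 2 && p >= buf+4 && strncasecmp(p-4, "<?xm", 4) == 0) {`; if it is intended, a comment should say why. The enclosing switch case and php_strip_tags_ex itself lie outside the hunk, so the position of `p` relative to the tag is inferred from the comment fragment.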
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index f85d1265cf..169c05b88e 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -2058,6 +2058,19 @@ static int php_cli_server_begin_send_static(php_cli_server *server, php_cli_serv
return php_cli_server_send_error_page(server, client, 400 TSRMLS_CC);
}
+#ifdef PHP_WIN32
+ /* The win32 namespace will cut off trailing dots and spaces. Since the
+ VCWD functionality isn't used here, a sophisticated functionality
+ would have to be reimplemented to know ahead there are no files
+ with invalid names there. The simplest is just to forbid invalid
+ filenames, which is done here. */
+ if (client->request.path_translated &&
+ ('.' == client->request.path_translated[client->request.path_translated_len-1] ||
+ ' ' == client->request.path_translated[client->request.path_translated_len-1])) {
+ return php_cli_server_send_error_page(server, client, 500);
+ }
+#endif
+
fd = client->request.path_translated ? open(client->request.path_translated, O_RDONLY): -1;
if (fd < 0) {
return php_cli_server_send_error_page(server, client, 404 TSRMLS_CC);
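Review bot: The added Windows-only call `php_cli_server_send_error_page(server, client, 500)` omits the `TSRMLS_CC` argument that the neighbouring 400 and 404 calls pass, so it looks as though it will not compile on thread-safe builds; it should read `return php_cli_server_send_error_page(server, client, 500 TSRMLS_CC);`. The index `client->request.path_translated_len-1` wraps if the length is ever 0 while the pointer is non-NULL; whether that can happen is not visible here, so adding `client->request.path_translated_len > 0 &&` to the condition would keep the read in bounds regardless. The check inspects only the last character of the whole translated path, and the comment should say so, so that readers do not assume every path component is validated. php_cli_server_begin_send_static starts and ends outside the hunk.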