diff options
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/date/php_date.c | 13 | ||||
| -rw-r--r-- | ext/date/tests/bug70277.phpt | 17 | ||||
| -rw-r--r-- | ext/enchant/tests/broker_request_pwl_dict.phpt | 40 | ||||
| -rw-r--r-- | ext/enchant/tests/enchant_broker_request_pwl_dict.pwl | 10 | ||||
| -rw-r--r-- | ext/iconv/iconv.c | 1 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 6 | ||||
| -rw-r--r-- | ext/tidy/tidy.c | 1 | ||||
| -rw-r--r-- | ext/zlib/zlib.c | 2 |
8 files changed, 81 insertions, 9 deletions
diff --git a/ext/date/php_date.c b/ext/date/php_date.c index ee30071f54..a8229c5777 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -3601,12 +3601,17 @@ PHP_FUNCTION(date_diff) } /* }}} */ -static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz) /* {{{ */ +static int timezone_initialize(php_timezone_obj *tzobj, /*const*/ char *tz, size_t tz_len) /* {{{ */ { timelib_time *dummy_t = ecalloc(1, sizeof(timelib_time)); int dst, not_found; char *orig_tz = tz; + if (strlen(tz) != tz_len) { + php_error_docref(NULL, E_WARNING, "Timezone must not contain null bytes"); + return FAILURE; + } + dummy_t->z = timelib_parse_zone(&tz, &dst, dummy_t, ¬_found, DATE_TIMEZONEDB, php_date_parse_tzfile_wrapper); if (not_found) { php_error_docref(NULL, E_WARNING, "Unknown or bad timezone (%s)", orig_tz); @@ -3633,7 +3638,7 @@ PHP_FUNCTION(timezone_open) RETURN_FALSE; } tzobj = Z_PHPTIMEZONE_P(php_date_instantiate(date_ce_timezone, return_value)); - if (SUCCESS != timezone_initialize(tzobj, tz)) { + if (SUCCESS != timezone_initialize(tzobj, tz, tz_len)) { zval_ptr_dtor(return_value); RETURN_FALSE; } @@ -3656,7 +3661,7 @@ PHP_METHOD(DateTimeZone, __construct) zend_replace_error_handling(EH_THROW, NULL, &error_handling); tzobj = Z_PHPTIMEZONE_P(getThis()); - timezone_initialize(tzobj, tz); + timezone_initialize(tzobj, tz, tz_len); zend_restore_error_handling(&error_handling); } /* }}} */ @@ -3674,7 +3679,7 @@ static int php_date_timezone_initialize_from_hash(zval **return_value, php_timez if (Z_TYPE_P(z_timezone) != IS_STRING) { return FAILURE; } - if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone))) { + if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_P(z_timezone), Z_STRLEN_P(z_timezone))) { return SUCCESS; } } diff --git a/ext/date/tests/bug70277.phpt b/ext/date/tests/bug70277.phpt new file mode 100644 index 0000000000..648bd19c77 --- /dev/null +++ b/ext/date/tests/bug70277.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #70277 (new DateTimeZone($foo) is ignoring text after null byte) +--FILE-- +<?php +$timezone = "Europe/Zurich\0Foo"; +var_dump(timezone_open($timezone)); +var_dump(new DateTimeZone($timezone)); +?> +--EXPECTF-- +Warning: timezone_open(): Timezone must not contain null bytes in %sbug70277.php on line %d +bool(false) + +Fatal error: Uncaught Exception: DateTimeZone::__construct(): Timezone must not contain null bytes in %sbug70277.php:%d +Stack trace: +#0 %sbug70277.php(%d): DateTimeZone->__construct('Europe/Zurich\x00F...') +#1 {main} + thrown in %sbug70277.php on line %d diff --git a/ext/enchant/tests/broker_request_pwl_dict.phpt b/ext/enchant/tests/broker_request_pwl_dict.phpt new file mode 100644 index 0000000000..6235aeea5f --- /dev/null +++ b/ext/enchant/tests/broker_request_pwl_dict.phpt @@ -0,0 +1,40 @@ +--TEST-- +resource enchant_broker_request_pwl_dict(resource $broker, string $filename); function +--CREDITS-- +marcosptf - <marcosptf@yahoo.com.br> +--SKIPIF-- +<?php +if(!extension_loaded('enchant')) die('skip, enchant not loader'); +if(!is_resource(enchant_broker_init())) {die("skip, resource dont load\n");} +?> +--FILE-- +<?php +$broker = enchant_broker_init(); +$pathPwlDict = __DIR__ . "/enchant_broker_request_pwl_dict.pwl"; + +if (is_resource($broker)) { + echo("OK\n"); + $requestDict = enchant_broker_request_pwl_dict($broker, $pathPwlDict); + + if (is_resource($requestDict)) { + echo("OK\n"); + $dictdescribe = enchant_dict_describe($requestDict); + + if ($pathPwlDict === $dictdescribe['file']) { + echo("OK\n"); + } else { + echo("broker dict describe is not a resource failed\n"); + } + } else { + echo("dict broker request pwl has failed\n"); + } +} else { + echo("broker is not a resource; failed;\n"); +} +echo "OK\n"; +?> +--EXPECT-- +OK +OK +OK +OK diff --git a/ext/enchant/tests/enchant_broker_request_pwl_dict.pwl b/ext/enchant/tests/enchant_broker_request_pwl_dict.pwl new file mode 100644 index 0000000000..abe4110361 --- /dev/null +++ b/ext/enchant/tests/enchant_broker_request_pwl_dict.pwl @@ -0,0 +1,10 @@ +java +perl +awk +clang +php +python +cplusplus +csharp +bash +ruby diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c index 8699174b3a..59d3985813 100644 --- a/ext/iconv/iconv.c +++ b/ext/iconv/iconv.c @@ -401,7 +401,6 @@ static int php_iconv_output_handler(void **nothing, php_output_context *output_c { char *s, *content_type, *mimetype = NULL; int output_status, mimetype_len = 0; - PHP_OUTPUT_TSRMLS(output_context); if (output_context->op & PHP_OUTPUT_HANDLER_START) { output_status = php_output_get_status(); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index b09f17481f..1608e5d5af 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4822,6 +4822,10 @@ PHP_FUNCTION(openssl_verify) return; } + if (UINT_MAX < signature_len) { + php_error_docref(NULL, E_WARNING, "signature is too long"); + RETURN_FALSE; + } if (method == NULL || Z_TYPE_P(method) == IS_LONG) { if (method != NULL) { signature_algo = Z_LVAL_P(method); @@ -4846,7 +4850,7 @@ PHP_FUNCTION(openssl_verify) EVP_VerifyInit (&md_ctx, mdtype); EVP_VerifyUpdate (&md_ctx, data, data_len); - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, (int)signature_len, pkey); + err = EVP_VerifyFinal(&md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey); EVP_MD_CTX_cleanup(&md_ctx); if (keyresource == NULL) { diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index f570da6d50..cdda540586 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -1149,7 +1149,6 @@ static int php_tidy_output_handler(void **nothing, php_output_context *output_co int status = FAILURE; TidyDoc doc; TidyBuffer inbuf, outbuf, errbuf; - PHP_OUTPUT_TSRMLS(output_context); if (TG(clean_output) && (output_context->op & PHP_OUTPUT_HANDLER_START) && (output_context->op & PHP_OUTPUT_HANDLER_FINAL)) { doc = tidyCreate(); diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c index 2d141597ed..7abd7cfd6c 100644 --- a/ext/zlib/zlib.c +++ b/ext/zlib/zlib.c @@ -124,7 +124,6 @@ static int php_zlib_output_encoding(void) static int php_zlib_output_handler_ex(php_zlib_context *ctx, php_output_context *output_context) { int flags = Z_SYNC_FLUSH; - PHP_OUTPUT_TSRMLS(output_context); if (output_context->op & PHP_OUTPUT_HANDLER_START) { /* start up */ @@ -210,7 +209,6 @@ static int php_zlib_output_handler_ex(php_zlib_context *ctx, php_output_context static int php_zlib_output_handler(void **handler_context, php_output_context *output_context) { php_zlib_context *ctx = *(php_zlib_context **) handler_context; - PHP_OUTPUT_TSRMLS(output_context); if (!php_zlib_output_encoding()) { /* "Vary: Accept-Encoding" header sent along uncompressed content breaks caching in MSIE, |