summaryrefslogtreecommitdiff
path: root/ext
Commit message (Collapse)AuthorAgeFilesLines
* Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAGStanislav Malyshev2019-04-303-1/+13
| | | | | | I do not completely understand what is going on there, but I am pretty sure dir_entry <= offset_base if not a normal situation, so we better not to rely on such dir_entry.
* Always use ZEND_SECURE_ZERO() when cleaning up dataStanislav Malyshev2019-04-065-5/+7
| | | | | | Optimizing compilers have an annoying tendency to throw out memsets over data that they think aren't used anymore. Apply secure zero-out in cases where this has potential to happen.
* fix paste issueRemi Collet2019-04-021-1/+1
|
* Pointer arithmetic on void pointers is illegalChristoph M. Becker2019-04-021-2/+2
| | | | | We quick-fix this by casting to char*; it might be more appropriate to use char pointers in the first place.
* Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIFStanislav Malyshev2019-04-023-15/+41
|
* Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32sStanislav Malyshev2019-03-313-0/+20
|
* Validate subject encoding in mb_split and mb_ereg_matchNikita Popov2019-03-272-5/+12
| | | | | We were already validating the subject encoding in most functions, but not these two.
* Validate pattern against mbregex encodingNikita Popov2019-03-276-15/+31
| | | | | | Oniguruma does not consistently perform this validation itself (at least on older versions), so make sure we check pattern encoding validity on the PHP side.
* SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy ↵bohwaz2019-03-113-0/+50
| | | | against potential security flaws
* Sync with behavior change in OpenSSL 1.1.1bAnatol Belski2019-03-081-1/+1
| | | | | | | | | A behavior change in revealed by some openssl_decrypt() based test, where an encrypt API is used with a decrypt context. The EVP_Cipher* functions will automatically choose the right operation depending on the context passed. (cherry picked from commit 19a44ffb7be91344550fa700830b8e62a73031ba)
* Fix bug #77586 - phar_tar_writeheaders_int() buffer overflowStanislav Malyshev2019-03-034-3/+31
|
* Fix test error messageStanislav Malyshev2019-03-031-1/+1
|
* Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTEStanislav Malyshev2019-03-033-1/+18
| | | | Also fix for bug #77659
* Fix bug #77540 - Invalid Read on exif_process_SOFnStanislav Malyshev2019-03-033-2/+24
|
* Fix integer overflows on 32-bitsStanislav Malyshev2019-03-031-7/+7
|
* Fix #77431 SplFileInfo::__construct() accepts NUL bytesChristoph M. Becker2019-03-032-1/+10
| | | | | `SplFileInfo::__construct()` has to expect a path instead of a string, analogous to `SplFileObject::__construct()`.
* Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filenameStanislav Malyshev2019-03-032-0/+18
|
* Still leaking for some reason, XFAIL for now, I'll look into it later.Stanislav Malyshev2019-01-071-0/+2
|
* Merge branch 'PHP-5.6' into PHP-7.1Stanislav Malyshev2019-01-065-2/+21
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: Fix bug #77418 - Heap overflow in utf32be_mbc_to_code [ci skip] Add NEWS Fix more issues with encodilng length Fix #77270: imagecolormatch Out Of Bounds Write on Heap Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) Fix bug #77370 - check that we do not read past buffer end when parsing multibytes Fix #77269: Potential unsigned underflow in gdImageScale Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) Regenerate certs for openssl tests
| * Fix bug #77418 - Heap overflow in utf32be_mbc_to_codeStanislav Malyshev2019-01-065-2/+21
| |
| * Fix more issues with encodilng lengthStanislav Malyshev2019-01-066-14/+38
| | | | | | | | Should fix bug #77381, bug #77382, bug #77385, bug #77394.
| * Fix #77270: imagecolormatch Out Of Bounds Write on HeapChristoph M. Becker2019-01-062-2/+20
| | | | | | | | | | | | | | At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`.
| * Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)Stanislav Malyshev2019-01-062-2/+19
| |
| * Fix bug #77371 (heap buffer overflow in mb regex functions - ↵Stanislav Malyshev2019-01-062-0/+11
| | | | | | | | compile_string_node)
| * Fix bug #77370 - check that we do not read past buffer end when parsing ↵Stanislav Malyshev2019-01-062-0/+22
| | | | | | | | multibytes
| * Fix #77269: Potential unsigned underflow in gdImageScaleChristoph M. Becker2019-01-062-9/+30
| | | | | | | | | | | | Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
| * Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)Stanislav Malyshev2019-01-062-1/+15
| |
| * Fix bug #77242 (heap out of bounds read in xmlrpc_decode())Stanislav Malyshev2019-01-062-0/+13
| |
| * Regenerate certs for openssl testsAlexander Kurilo2019-01-025-44/+91
| |
* | Fix testStanislav Malyshev2019-01-061-0/+2
| |
* | Fix #77369 - memcpy with negative length via crafted DNS responseStanislav Malyshev2019-01-061-0/+7
| |
* | Fix more issues with encodilng lengthStanislav Malyshev2019-01-066-14/+38
| | | | | | | | Should fix bug #77381, bug #77382, bug #77385, bug #77394.
* | Fix #77270: imagecolormatch Out Of Bounds Write on HeapChristoph M. Becker2019-01-062-2/+20
| | | | | | | | | | | | | | At least some of the image reading functions may return images which use color indexes greater than or equal to im->colorsTotal. We cater to this by always using a buffer size which is sufficient for `gdMaxColors` in `gdImageColorMatch()`.
* | Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)Stanislav Malyshev2019-01-062-2/+19
| |
* | Fix bug #77371 (heap buffer overflow in mb regex functions - ↵Stanislav Malyshev2019-01-062-0/+11
| | | | | | | | compile_string_node)
* | Fix bug #77370 - check that we do not read past buffer end when parsing ↵Stanislav Malyshev2019-01-062-0/+22
| | | | | | | | multibytes
* | Fix #77269: Potential unsigned underflow in gdImageScaleChristoph M. Becker2019-01-062-9/+30
| | | | | | | | | | | | Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
* | Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)Stanislav Malyshev2019-01-062-1/+15
| |
* | Fix bug #77242 (heap out of bounds read in xmlrpc_decode())Stanislav Malyshev2019-01-062-0/+13
| |
* | Regenerate certs for openssl testsAlexander Kurilo2019-01-065-44/+91
| |
* | Merge branch 'PHP-7.0' into PHP-7.1Stanislav Malyshev2018-12-032-1/+12
|\ \ | | | | | | | | | | | | * PHP-7.0: Fix null pointer deref in qprint-encode filter (bug #77231)
| * \ Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-12-032-1/+12
| |\ \ | | |/ | | | | | | | | | * PHP-5.6: Fix null pointer deref in qprint-encode filter (bug #77231)
| | * Fix null pointer deref in qprint-encode filter (bug #77231)Stanislav Malyshev2018-12-032-1/+12
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Stanislav Malyshev2018-12-036-11/+55
|\ \ \ | |/ / | | | | | | | | | | | | | | | * PHP-7.0: Fix bug #77143 - add more checks to buffer reads Fix bug #77143 - add more checks to buffer reads Fix #77020: null pointer dereference in imap_mail
| * | Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-12-031-1/+1
| |\ \ | | |/ | | | | | | | | | * PHP-5.6: Fix bug #77143 - add more checks to buffer reads
| | * Fix bug #77143 - add more checks to buffer readsStanislav Malyshev2018-12-034-10/+40
| | |
| * | Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-12-036-11/+55
| |\ \ | | | | | | | | | | | | | | | | | | | | * PHP-5.6: Fix bug #77143 - add more checks to buffer reads Fix #77020: null pointer dereference in imap_mail
| | * | Fix bug #77143 - add more checks to buffer readsStanislav Malyshev2018-12-034-10/+40
| | |/
| | * Fix #77020: null pointer dereference in imap_mailStanislav Malyshev2018-12-032-1/+15
| | | | | | | | | | | | | | | | | | If an empty $message is passed to imap_mail(), we must not set message to NULL, since _php_imap_mail() is not supposed to handle NULL pointers (opposed to pointers to NUL).
* | | Merge branch 'PHP-7.0' into PHP-7.1Stanislav Malyshev2018-12-025-74/+63
|\ \ \ | |/ / | | | | | | | | | | | | | | | * PHP-7.0: Fix TSRM signature - php_stream_stat macro has it's own TSRM Regenerate certificates for openssl tests Improve test for bug77022
View Lorry Controller Status