mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-01-26 21:54:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into sccp

Browse Source 
* master: (43 commits)
  Keep information about SSA variables, that may be modified indirectly.
  Added constants for known ldap controls OID and tests for ldap_get/set_option for controls
  Added support for controls to ldap_get_option
  [ci skip] sync NEWS
  NEWS for oniguruma
  Patch from the upstream git https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)
  Patch from the upstream git https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
  Patch from the upstream git https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)
  Patch from the upstream git https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)
  Patch from the upstream git https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
  valid_symbol_table removed
  Improve fix for #74145
  Fix wddx
  Fix tests
  Fixed bug #74111
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  ...
This commit is contained in:
Dmitry Stogov 2017-07-05 19:17:04 +03:00
commit 4bb9b6526e
39 changed files with 7115 additions and 8555 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
UPGRADING.INTERNALS
View File

@ -8,6 +8,7 @@ PHP 7.2 INTERNALS UPGRADE NOTES
e. IS_TYPE_IMMUTABLE removed
f. zend_arg_info.class_name removed
g. ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX changed
h. valid_symbol_table removed
2. Build system changes
a. Unix build system changes
@ -44,6 +45,9 @@ PHP 7.2 INTERNALS UPGRADE NOTES
use ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX for simple type
use ZEND_BEGIN_ARG_WITH_RETURN_OBJ_INFO_EX for object
h. valid_symbol_table is removed from executor_globals.
Use EG(active) instead of removed EG(valid_symbol_table)
========================
2. Build system changes
========================

1
Zend/tests/bug74603.ini Normal file
View File

@ -0,0 +1 @@
0=0&~2000000000

15
Zend/tests/bug74603.phpt Normal file
View File

@ -0,0 +1,15 @@
--TEST--
Bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability)
--SKIPIF--
<?php
if (PHP_INT_MAX !== 2147483647)
die('skip for 32-bit only');
--FILE--
<?php
var_dump(parse_ini_file(__DIR__ . "/bug74603.ini", true, INI_SCANNER_NORMAL));
?>
--EXPECT--
array(1) {
[0]=>
string(1) "0"
}

2
Zend/zend_ini_parser.y
View File

@ -55,7 +55,7 @@ static void zend_ini_do_op(char type, zval *result, zval *op1, zval *op2)
int i_result;
int i_op1, i_op2;
int str_len;
char str_result[MAX_LENGTH_OF_LONG];
char str_result[MAX_LENGTH_OF_LONG+1];
i_op1 = atoi(Z_STRVAL_P(op1));
zend_string_free(Z_STR_P(op1));

13266
ext/date/lib/parse_date.c
View File

File diff suppressed because it is too large Load Diff

2
ext/date/lib/parse_date.re
View File

@ -913,7 +913,7 @@ datefull = day ([ \t.-])* monthtext ([ \t.-])* year;
datenoday = monthtext ([ .\t-])* year4;
datenodayrev = year4 ([ .\t-])* monthtext;
datetextual = monthtext ([ .\t-])* day [,.stndrh\t ]+ year;
datenoyear = monthtext ([ .\t-])* day [,.stndrh\t ]*;
datenoyear = monthtext ([ .\t-])* day ([,.stndrh\t ]+|[\000]);
datenoyearrev = day ([ .\t-])* monthtext;
datenocolon = year4 monthlz daylz;

4
ext/date/tests/date-time-modify-times.phpt
View File

@ -34,14 +34,14 @@ foreach ( $tests as $start => $data )
echo "\n";
?>
--EXPECT--
Sat, 23 Oct 2010 00:00:00 +0000
Fri, 15 Oct 2010 23:00:00 +0000
Wed, 15 Dec 2010 16:15:00 +0000
Mon, 20 Dec 2010 00:00:00 +0000
Mon, 20 Dec 2010 10:00:00 +0000
Tue, 21 Dec 2010 12:00:00 +0000
Mon, 03 Jan 2011 00:00:00 +0000
Mon, 03 Jan 2011 09:00:00 +0000
Sat, 23 Oct 2010 00:00:00 +0100
Fri, 15 Oct 2010 23:00:00 +0100
Sun, 28 Mar 2010 00:15:00 +0000
Sun, 28 Mar 2010 02:15:00 +0100
Sun, 28 Mar 2010 02:15:00 +0100

3
ext/gd/libgd/gd_gif_in.c
View File

@ -148,6 +148,9 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */
int haveGlobalColormap;
gdImagePtr im = 0;
memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
/*1.4//imageNumber = 1; */
if (! ReadOK(fd,buf,6)) {
return 0;

BIN
ext/gd/tests/bug74435.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

27
ext/gd/tests/bug74435.phpt Normal file
View File

@ -0,0 +1,27 @@
--TEST--
Bug #74435 (Buffer over-read into uninitialized memory)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>
--FILE--
<?php
$im = imagecreatefromgif(__DIR__ . DIRECTORY_SEPARATOR . 'bug74435.gif');
var_dump($im);
$width = imagesx($im);
$height = imagesy($im);
for ($i = 0; $i < $width; $i += 16) {
for ($j = 0; $j < $height; $j += 16) {
if (($index = imagecolorat($im, $i, $j)) >= 2) {
list($red, $green, $blue, $alpha) = array_values(imagecolorsforindex($im, $index));
if ($red !== 0 || $green !== 0 || $blue !== 0 || $alpha !== 0) {
echo "unexpected color at ($i, $j)\n";
}
}
}
}
?>
===DONE===
--EXPECTF--
resource(%d) of type (gd)
===DONE===

2
ext/ldap/config.m4
View File

@ -204,7 +204,7 @@ if test "$PHP_LDAP" != "no"; then
dnl Solaris 2.8 claims to be 2004 API, but doesn't have
dnl ldap_parse_reference() nor ldap_start_tls_s()
AC_CHECK_FUNCS([ldap_parse_result ldap_parse_reference ldap_start_tls_s ldap_control_find])
AC_CHECK_FUNCS([ldap_parse_result ldap_parse_reference ldap_start_tls_s ldap_control_find ldap_parse_extended_result ldap_extended_operation ldap_extended_operation_s ldap_passwd_s ldap_whoami_s])
dnl
dnl SASL check

5
ext/ldap/config.w32
View File

@ -21,6 +21,11 @@ if (PHP_LDAP != "no") {
AC_DEFINE('HAVE_LDAP_SASL_SASL_H', 1);
AC_DEFINE('LDAP_DEPRECATED', 1);
AC_DEFINE('HAVE_LDAP_CONTROL_FIND', 1);
AC_DEFINE('HAVE_LDAP_PARSE_EXTENDED_RESULT', 1);
AC_DEFINE('HAVE_LDAP_EXTENDED_OPERATION_S', 1);
AC_DEFINE('HAVE_LDAP_PASSWD_S', 1);
AC_DEFINE('HAVE_LDAP_WHOAMI_S', 1);
AC_DEFINE('HAVE_LDAP_EXTENDED_OPERATION', 1);
} else {
WARNING("ldap not enabled; libraries and headers not found");

414
ext/ldap/ldap.c
View File

@ -283,6 +283,84 @@ PHP_MINIT_FUNCTION(ldap)
REGISTER_LONG_CONSTANT("LDAP_ESCAPE_FILTER", PHP_LDAP_ESCAPE_FILTER, CONST_PERSISTENT | CONST_CS);
REGISTER_LONG_CONSTANT("LDAP_ESCAPE_DN", PHP_LDAP_ESCAPE_DN, CONST_PERSISTENT | CONST_CS);
#ifdef HAVE_LDAP_EXTENDED_OPERATION_S
REGISTER_STRING_CONSTANT("LDAP_EXOP_START_TLS", LDAP_EXOP_START_TLS, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_EXOP_MODIFY_PASSWD", LDAP_EXOP_MODIFY_PASSWD, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_EXOP_REFRESH", LDAP_EXOP_REFRESH, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_EXOP_WHO_AM_I", LDAP_EXOP_WHO_AM_I, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_EXOP_TURN", LDAP_EXOP_TURN, CONST_PERSISTENT | CONST_CS);
#endif
/* LDAP Controls */
/* standard track controls */
#ifdef LDAP_CONTROL_MANAGEDSAIT
/* RFC 3296 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_MANAGEDSAIT", LDAP_CONTROL_MANAGEDSAIT, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_PROXY_AUTHZ
/* RFC 4370 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_PROXY_AUTHZ", LDAP_CONTROL_PROXY_AUTHZ, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_SUBENTRIES
/* RFC 3672 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SUBENTRIES", LDAP_CONTROL_SUBENTRIES, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_VALUESRETURNFILTER
/* RFC 3876 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_VALUESRETURNFILTER", LDAP_CONTROL_VALUESRETURNFILTER, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_ASSERT
/* RFC 4528 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_ASSERT", LDAP_CONTROL_ASSERT, CONST_PERSISTENT | CONST_CS);
/* RFC 4527 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_PRE_READ", LDAP_CONTROL_PRE_READ, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_POST_READ", LDAP_CONTROL_POST_READ, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_SORTREQUEST
/* RFC 2891 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTREQUEST", LDAP_CONTROL_SORTREQUEST, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTRESPONSE", LDAP_CONTROL_SORTRESPONSE, CONST_PERSISTENT | CONST_CS);
#endif
/* non-standard track controls */
#ifdef LDAP_CONTROL_PAGEDRESULTS
/* RFC 2696 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_PAGEDRESULTS", LDAP_CONTROL_PAGEDRESULTS, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_AUTHZID_REQUEST
/* RFC 3829 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_REQUEST", LDAP_CONTROL_AUTHZID_REQUEST, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_RESPONSE", LDAP_CONTROL_AUTHZID_RESPONSE, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_SYNC
/* LDAP Content Synchronization Operation -- RFC 4533 */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC", LDAP_CONTROL_SYNC, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_STATE", LDAP_CONTROL_SYNC_STATE, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_DONE", LDAP_CONTROL_SYNC_DONE, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_DONTUSECOPY
/* LDAP Don't Use Copy Control (RFC 6171) */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_DONTUSECOPY", LDAP_CONTROL_DONTUSECOPY, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
/* Password policy Controls */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYREQUEST", LDAP_CONTROL_PASSWORDPOLICYREQUEST, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYRESPONSE", LDAP_CONTROL_PASSWORDPOLICYRESPONSE, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
/* MS Active Directory controls */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_INCREMENTAL_VALUES", LDAP_CONTROL_X_INCREMENTAL_VALUES, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_DOMAIN_SCOPE", LDAP_CONTROL_X_DOMAIN_SCOPE, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_PERMISSIVE_MODIFY", LDAP_CONTROL_X_PERMISSIVE_MODIFY, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_SEARCH_OPTIONS", LDAP_CONTROL_X_SEARCH_OPTIONS, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_TREE_DELETE", LDAP_CONTROL_X_TREE_DELETE, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_EXTENDED_DN", LDAP_CONTROL_X_EXTENDED_DN, CONST_PERSISTENT | CONST_CS);
#endif
#ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
/* LDAP VLV */
REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVREQUEST", LDAP_CONTROL_VLVREQUEST, CONST_PERSISTENT | CONST_CS);
REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVRESPONSE", LDAP_CONTROL_VLVRESPONSE, CONST_PERSISTENT | CONST_CS);
#endif
le_link = zend_register_list_destructors_ex(_close_ldap_link, NULL, "ldap link", module_number);
le_result = zend_register_list_destructors_ex(_free_ldap_result, NULL, "ldap result", module_number);
le_result_entry = zend_register_list_destructors_ex(_free_ldap_result_entry, NULL, "ldap result entry", module_number);
@ -2121,6 +2199,8 @@ PHP_FUNCTION(ldap_sort)
PHP_FUNCTION(ldap_get_option)
{
zval *link, *retval;
zval tmp1;
int num_entries;
ldap_linkdata *ld;
zend_long option;
@ -2265,9 +2345,37 @@ PHP_FUNCTION(ldap_get_option)
ZVAL_STRING(retval, val);
ldap_memfree(val);
} break;
/* options not implemented
case LDAP_OPT_SERVER_CONTROLS:
case LDAP_OPT_CLIENT_CONTROLS:
{
LDAPControl **ctrls = NULL, **ctrlp;
if (ldap_get_option(ld->link, option, &ctrls) || ctrls == NULL) {
if (ctrls) {
ldap_memfree(ctrls);
}
RETURN_FALSE;
}
zval_ptr_dtor(retval);
array_init(retval);
num_entries = 0;
ctrlp = ctrls;
while (*ctrlp != NULL)
{
array_init(&tmp1);
add_assoc_string(&tmp1, "oid", (*ctrlp)->ldctl_oid);
add_assoc_bool(&tmp1, "iscritical", ((*ctrlp)->ldctl_iscritical != 0));
if ((*ctrlp)->ldctl_value.bv_len) {
add_assoc_stringl(&tmp1, "value", (*ctrlp)->ldctl_value.bv_val, (*ctrlp)->ldctl_value.bv_len);
}
zend_hash_index_update(Z_ARRVAL_P(retval), num_entries, &tmp1);
num_entries++;
ctrlp++;
}
ldap_controls_free(ctrls);
} break;
/* options not implemented
case LDAP_OPT_API_INFO:
case LDAP_OPT_API_FEATURE_INFO:
*/
@ -2564,6 +2672,67 @@ PHP_FUNCTION(ldap_parse_result)
/* }}} */
#endif
/* {{{ Extended operation response parsing, Pierangelo Masarati */
#ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
/* {{{ proto bool ldap_parse_exop(resource link, resource result [, string retdata [, string retoid]])
Extract information from extended operation result */
PHP_FUNCTION(ldap_parse_exop)
{
zval *link, *result, *retdata, *retoid;
ldap_linkdata *ld;
LDAPMessage *ldap_result;
char *lretoid;
struct berval *lretdata;
int rc, myargcount = ZEND_NUM_ARGS();
if (zend_parse_parameters(ZEND_NUM_ARGS(), "rr|z/z/", &link, &result, &retdata, &retoid) != SUCCESS) {
WRONG_PARAM_COUNT;
}
if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
RETURN_FALSE;
}
if ((ldap_result = (LDAPMessage *)zend_fetch_resource(Z_RES_P(result), "ldap result", le_result)) == NULL) {
RETURN_FALSE;
}
rc = ldap_parse_extended_result(ld->link, ldap_result,
myargcount > 3 ? &lretoid: NULL,
myargcount > 2 ? &lretdata: NULL,
0);
if (rc != LDAP_SUCCESS) {
php_error_docref(NULL, E_WARNING, "Unable to parse extended operation result: %s", ldap_err2string(rc));
RETURN_FALSE;
}
/* Reverse -> fall through */
switch (myargcount) {
case 4:
zval_dtor(retoid);
if (lretoid == NULL) {
ZVAL_EMPTY_STRING(retoid);
} else {
ZVAL_STRING(retoid, lretoid);
ldap_memfree(lretoid);
}
case 3:
/* use arg #3 as the data returned by the server */
zval_dtor(retdata);
if (lretdata == NULL) {
ZVAL_EMPTY_STRING(retdata);
} else {
ZVAL_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
ldap_memfree(lretdata->bv_val);
ldap_memfree(lretdata);
}
}
RETURN_TRUE;
}
/* }}} */
#endif
/* }}} */
/* {{{ proto resource ldap_first_reference(resource link, resource result)
Return first reference */
PHP_FUNCTION(ldap_first_reference)
@ -3150,6 +3319,203 @@ PHP_FUNCTION(ldap_control_paged_result_response)
/* }}} */
#endif
/* {{{ Extended operations, Pierangelo Masarati */
#ifdef HAVE_LDAP_EXTENDED_OPERATION_S
/* {{{ proto ? ldap_exop(resource link, string reqoid [, string reqdata [, string retdata [, string retoid]]])
Extended operation */
PHP_FUNCTION(ldap_exop)
{
zval *link, *reqoid, *reqdata, *retdata, *retoid;
char *lreqoid, *lretoid = NULL;
struct berval lreqdata, *lretdata = NULL;
ldap_linkdata *ld;
LDAPMessage *ldap_res;
int rc, msgid, myargcount = ZEND_NUM_ARGS();
/* int reqoid_len, reqdata_len, retdata_len, retoid_len, retdat_len; */
if (zend_parse_parameters(ZEND_NUM_ARGS(), "rz|zz/z/", &link, &reqoid, &reqdata, &retdata, &retoid) != SUCCESS) {
WRONG_PARAM_COUNT;
}
if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
RETURN_FALSE;
}
switch (myargcount) {
case 5:
case 4:
case 3:
convert_to_string_ex(reqdata);
lreqdata.bv_val = Z_STRVAL_P(reqdata);
lreqdata.bv_len = Z_STRLEN_P(reqdata);
/* fallthru */
case 2:
convert_to_string_ex(reqoid);
lreqoid = Z_STRVAL_P(reqoid);
}
if (myargcount > 3) {
/* synchronous call */
rc = ldap_extended_operation_s(ld->link, lreqoid,
lreqdata.bv_len > 0 ? &lreqdata: NULL,
NULL,
NULL,
myargcount > 4 ? &lretoid : NULL,
&lretdata );
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", lreqoid, ldap_err2string(rc), rc);
RETURN_FALSE;
}
/* Reverse -> fall through */
switch (myargcount) {
case 5:
zval_dtor(retoid);
if (lretoid == NULL) {
ZVAL_EMPTY_STRING(retoid);
} else {
ZVAL_STRING(retoid, lretoid);
ldap_memfree(lretoid);
}
case 4:
/* use arg #4 as the data returned by the server */
zval_dtor(retdata);
if (lretdata == NULL) {
ZVAL_EMPTY_STRING(retdata);
} else {
ZVAL_STRINGL(retdata, lretdata->bv_val, lretdata->bv_len);
ldap_memfree(lretdata->bv_val);
ldap_memfree(lretdata);
}
}
RETURN_TRUE;
}
/* asynchronous call */
rc = ldap_extended_operation(ld->link, lreqoid,
lreqdata.bv_len > 0 ? &lreqdata: NULL,
NULL, NULL, &msgid);
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Extended operation %s failed: %s (%d)", lreqoid, ldap_err2string(rc), rc);
RETURN_FALSE;
}
rc = ldap_result(ld->link, msgid, 1 /* LDAP_MSG_ALL */, NULL, &ldap_res);
if (rc == -1) {
php_error_docref(NULL, E_WARNING, "Extended operation %s failed", lreqoid);
RETURN_FALSE;
}
/* return a PHP control object */
RETVAL_RES(zend_register_resource(ldap_res, le_result));
}
/* }}} */
#endif
#ifdef HAVE_LDAP_PASSWD_S
/* {{{ proto bool|string ldap_exop_passwd(resource link [, string user [, string oldpw [, string newpw ]]])
Passwd modify extended operation */
PHP_FUNCTION(ldap_exop_passwd)
{
zval *link, *user, *newpw, *oldpw;
struct berval luser, loldpw, lnewpw, lgenpasswd;
ldap_linkdata *ld;
int rc, myargcount = ZEND_NUM_ARGS();
if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|zzz", &link, &user, &oldpw, &newpw) == FAILURE) {
WRONG_PARAM_COUNT;
}
if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
RETURN_FALSE;
}
luser.bv_len = 0;
loldpw.bv_len = 0;
lnewpw.bv_len = 0;
switch (myargcount) {
case 4:
convert_to_string_ex(newpw);
lnewpw.bv_val = Z_STRVAL_P(newpw);
lnewpw.bv_len = Z_STRLEN_P(newpw);
case 3:
convert_to_string_ex(oldpw);
loldpw.bv_val = Z_STRVAL_P(oldpw);
loldpw.bv_len = Z_STRLEN_P(oldpw);
case 2:
convert_to_string_ex(user);
luser.bv_val = Z_STRVAL_P(user);
luser.bv_len = Z_STRLEN_P(user);
}
/* synchronous call */
rc = ldap_passwd_s(ld->link, &luser,
loldpw.bv_len > 0 ? &loldpw : NULL,
lnewpw.bv_len > 0 ? &lnewpw : NULL,
&lgenpasswd, NULL, NULL);
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Passwd modify extended operation failed: %s (%d)", ldap_err2string(rc), rc);
RETURN_FALSE;
}
if (lnewpw.bv_len == 0) {
if (lgenpasswd.bv_len == 0) {
RETVAL_EMPTY_STRING();
} else {
RETVAL_STRINGL(lgenpasswd.bv_val, lgenpasswd.bv_len);
}
} else {
RETURN_TRUE;
}
ldap_memfree(lgenpasswd.bv_val);
}
/* }}} */
#endif
#ifdef HAVE_LDAP_WHOAMI_S
/* {{{ proto bool|string ldap_exop_whoami(resource link)
Whoami extended operation */
PHP_FUNCTION(ldap_exop_whoami)
{
zval *link;
struct berval *lauthzid;
ldap_linkdata *ld;
int rc, myargcount = ZEND_NUM_ARGS();
if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &link) == FAILURE) {
WRONG_PARAM_COUNT;
}
if ((ld = (ldap_linkdata *)zend_fetch_resource(Z_RES_P(link), "ldap link", le_link)) == NULL) {
RETURN_FALSE;
}
/* synchronous call */
rc = ldap_whoami_s(ld->link, &lauthzid, NULL, NULL);
if (rc != LDAP_SUCCESS ) {
php_error_docref(NULL, E_WARNING, "Whoami extended operation failed: %s (%d)", ldap_err2string(rc), rc);
RETURN_FALSE;
}
if (lauthzid == NULL) {
RETVAL_EMPTY_STRING();
} else {
RETVAL_STRINGL(lauthzid->bv_val, lauthzid->bv_len);
ldap_memfree(lauthzid->bv_val);
ldap_memfree(lauthzid);
}
}
/* }}} */
#endif
/* }}} */
/* }}} */
/* {{{ arginfo */
ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_connect, 0, 0, 0)
ZEND_ARG_INFO(0, hostname)
@ -3425,6 +3791,40 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_8859_to_t61, 0, 0, 1)
ZEND_ARG_INFO(0, value)
ZEND_END_ARG_INFO()
#endif
#ifdef HAVE_LDAP_EXTENDED_OPERATION_S
ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_exop, 0, 0, 5)
ZEND_ARG_INFO(0, link)
ZEND_ARG_INFO(0, reqoid)
ZEND_ARG_INFO(0, reqdata)
ZEND_ARG_INFO(1, retdata)
ZEND_ARG_INFO(1, retoid)
ZEND_END_ARG_INFO()
#endif
#ifdef HAVE_LDAP_PASSWD_S
ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_exop_passwd, 0, 0, 4)
ZEND_ARG_INFO(0, link)
ZEND_ARG_INFO(0, user)
ZEND_ARG_INFO(0, oldpw)
ZEND_ARG_INFO(0, newpw)
ZEND_END_ARG_INFO()
#endif
#ifdef HAVE_LDAP_WHOAMI_S
ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_exop_whoami, 0, 0, 1)
ZEND_ARG_INFO(0, link)
ZEND_END_ARG_INFO()
#endif
#ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_parse_exop, 0, 0, 4)
ZEND_ARG_INFO(0, link)
ZEND_ARG_INFO(0, result)
ZEND_ARG_INFO(1, retdata)
ZEND_ARG_INFO(1, retoid)
ZEND_END_ARG_INFO()
#endif
/* }}} */
/*
@ -3489,6 +3889,18 @@ const zend_function_entry ldap_functions[] = {
#ifdef HAVE_LDAP_START_TLS_S
PHP_FE(ldap_start_tls, arginfo_ldap_resource)
#endif
#ifdef HAVE_LDAP_EXTENDED_OPERATION_S
PHP_FE(ldap_exop, arginfo_ldap_exop)
#endif
#ifdef HAVE_LDAP_PASSWD_S
PHP_FE(ldap_exop_passwd, arginfo_ldap_exop_passwd)
#endif
#ifdef HAVE_LDAP_WHOAMI_S
PHP_FE(ldap_exop_whoami, arginfo_ldap_exop_whoami)
#endif
#ifdef HAVE_LDAP_PARSE_EXTENDED_RESULT
PHP_FE(ldap_parse_exop, arginfo_ldap_parse_exop)
#endif
#endif
#if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC)

6
ext/ldap/tests/connect.inc
View File

@ -21,6 +21,12 @@ function ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version)
return $link;
}
function test_bind($host, $port, $user, $passwd, $protocol_version) {
$link = ldap_connect($host, $port);
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
return ldap_bind($link, $user, $passwd);
}
function insert_dummy_data($link, $base) {
// Create root if not there
$testBase = ldap_read($link, $base, '(objectClass=*)', array('objectClass'));

78
ext/ldap/tests/ldap_exop.phpt Normal file
View File

@ -0,0 +1,78 @@
--TEST--
ldap_exop() and ldap_parse_exop() - EXOP operations
--CREDITS--
Côme Chilliet <mcmic@php.net>
--SKIPIF--
<?php require_once('skipif.inc'); ?>
<?php require_once('skipifbindfailure.inc'); ?>
--FILE--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
function build_reqdata_passwd($user, $oldpw, $newpw)
{
// This is basic and will only work for small strings
$hex = '';
if (!empty($user)) {
$hex .= '80'.sprintf("%'.02x", strlen($user)).bin2hex($user);
}
if (!empty($oldpw)) {
$hex .= '81'.sprintf("%'.02x", strlen($oldpw)).bin2hex($oldpw);
}
if (!empty($newpw)) {
$hex .= '82'.sprintf("%'.02x", strlen($newpw)).bin2hex($newpw);
}
return hex2bin('30'.sprintf("%'.02x", strlen($hex)/2).$hex);
}
function extract_genpw($retdata)
{
// Only works for small strings as well
return hex2bin(substr(bin2hex($retdata), 4*2));
}
$userAPassword = "oops";
// ldap_exop(resource link, string reqoid [, string reqdata [, string retoid [, string retdata]]])
// bool ldap_parse_exop(resource link, resource result [, string retoid [, string retdata]])
var_dump(
ldap_exop($link, LDAP_EXOP_WHO_AM_I, NULL, $retdata, $retoid),
$retdata,
$retoid,
$r = ldap_exop($link, LDAP_EXOP_WHO_AM_I),
ldap_parse_exop($link, $r, $retdata2),
$retdata2,
test_bind($host, $port, "cn=userA,$base", $userAPassword, $protocol_version),
$r = ldap_exop($link, LDAP_EXOP_MODIFY_PASSWD, build_reqdata_passwd("cn=userA,$base", $userAPassword, "")),
ldap_parse_exop($link, $r, $retpwdata, $retpwoid),
$genpw = extract_genpw($retpwdata),
$retpwoid,
test_bind($host, $port, "cn=userA,$base", $genpw, $protocol_version)
);
?>
===DONE===
--CLEAN--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
--EXPECTF--
bool(true)
string(%d) "dn:%s"
string(0) ""
resource(%d) of type (ldap result)
bool(true)
string(%d) "dn:%s"
bool(true)
resource(%d) of type (ldap result)
bool(true)
string(%d) "%s"
string(0) ""
bool(true)
===DONE===

41
ext/ldap/tests/ldap_exop_passwd.phpt Normal file
View File

@ -0,0 +1,41 @@
--TEST--
ldap_exop_passwd() - Changing password through EXOP
--CREDITS--
Côme Chilliet <mcmic@php.net>
--SKIPIF--
<?php require_once('skipif.inc'); ?>
<?php require_once('skipifbindfailure.inc'); ?>
--FILE--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
// ldap_exop_passwd() allows to pass the DN, OLD and NEW passwords,
// and optionally returns the NEW password if none was passed.
// ldap_exop_passwd(resource link [, string user [, string oldpw [, string newpw [, string newpasswd ]]]])
var_dump(
$genpw = ldap_exop_passwd($link, "cn=userA,$base", "oops", ""),
$genpw = ldap_exop_passwd($link, "cn=userA,$base"),
test_bind($host, $port, "cn=userA,$base", $genpw, $protocol_version),
ldap_exop_passwd($link, "cn=userA,$base", $genpw, "newPassword"),
test_bind($host, $port, "cn=userA,$base", "newPassword", $protocol_version)
);
?>
===DONE===
--CLEAN--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
--EXPECTF--
string(%d) "%s"
string(%d) "%s"
bool(true)
bool(true)
bool(true)
===DONE===

37
ext/ldap/tests/ldap_exop_passwd_error.phpt Normal file
View File

@ -0,0 +1,37 @@
--TEST--
ldap_exop_passwd() - Giving wrong value for old password
--CREDITS--
Côme Chilliet <mcmic@php.net>
--SKIPIF--
<?php require_once('skipif.inc'); ?>
<?php require_once('skipifbindfailure.inc'); ?>
--FILE--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
var_dump(ldap_exop_passwd($link, "cn=userA,$base", "wrongPassword", "newPassword"));
var_dump(ldap_error($link));
var_dump(ldap_errno($link));
var_dump(test_bind($host, $port, "cn=userA,$base", "newPassword", $protocol_version));
?>
===DONE===
--CLEAN--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
--EXPECTF--
Warning: ldap_exop_passwd(): Passwd modify extended operation failed: Server is unwilling to perform (53) in %s on line %d
bool(false)
string(30) "Server is unwilling to perform"
int(53)
Warning: ldap_bind(): Unable to bind to server: Invalid credentials in %s on line %d
bool(false)
===DONE===

31
ext/ldap/tests/ldap_exop_whoami.phpt Normal file
View File

@ -0,0 +1,31 @@
--TEST--
ldap_exop_whoami() - EXOP whoami operation
--CREDITS--
Côme Chilliet <mcmic@php.net>
--SKIPIF--
<?php require_once('skipif.inc'); ?>
<?php require_once('skipifbindfailure.inc'); ?>
--FILE--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
// ldap_exop_whoami(resource link [, string authzid])
var_dump(
ldap_exop_whoami($link)
);
?>
===DONE===
--CLEAN--
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
--EXPECTF--
string(%d) "dn:%s"
===DONE===

68
ext/ldap/tests/ldap_get_option_controls.phpt Normal file
View File

@ -0,0 +1,68 @@
--TEST--
ldap_get_option() and ldap_set_option() tests related to ldap controls
--CREDITS--
Côme Chilliet <mcmic@php.net>
--SKIPIF--
<?php
require_once('skipif.inc');
require_once('skipifbindfailure.inc');
?>
--FILE--
<?php
include "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
function build_ctrl_paged_value($int, $cookie)
{
// This is basic and will only work for small values
$hex = '';
if (!empty($int)) {
$str = sprintf("%'.02x", $int);
$hex .= '02'.sprintf("%'.02x%s", strlen($str)/2, $str);
}
$hex .= '04'.sprintf("%'.02x", strlen($cookie)).bin2hex($cookie);
return hex2bin('30'.sprintf("%'.02x", strlen($hex)/2).$hex);
}
$controls_set = array(
array(
'oid' => LDAP_CONTROL_PAGEDRESULTS,
'iscritical' => TRUE,
'value' => build_ctrl_paged_value(1, '')
)
);
var_dump(
bin2hex($controls_set[0]['value']),
ldap_get_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_get),
ldap_set_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_set),
ldap_get_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_get),
count($controls_get),
$controls_get[0]['oid'],
$controls_get[0]['iscritical'],
bin2hex($controls_get[0]['value']),
$result = ldap_search($link, $base, "(objectClass=person)", array('cn')),
ldap_get_entries($link, $result)['count']
);
?>
===DONE===
--CLEAN--
<?php
include "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
--EXPECTF--
string(14) "30050201010400"
bool(false)
bool(true)
bool(true)
int(1)
string(22) "1.2.840.113556.1.4.319"
bool(true)
string(14) "30050201010400"
resource(%d) of type (ldap result)
int(1)
===DONE===

42
ext/ldap/tests/ldap_get_option_variation.phpt
View File

@ -64,8 +64,42 @@ bool(true)
int(0)
bool(true)
int(0)
bool(false)
int(0)
bool(false)
int(0)
bool(true)
array(2) {
[0]=>
array(2) {
["oid"]=>
string(15) "1.2.752.58.10.1"
["iscritical"]=>
bool(true)
}
[1]=>
array(3) {
["oid"]=>
string(15) "1.2.752.58.1.10"
["iscritical"]=>
bool(false)
["value"]=>
string(5) "magic"
}
}
bool(true)
array(2) {
[0]=>
array(2) {
["oid"]=>
string(15) "1.2.752.58.10.1"
["iscritical"]=>
bool(true)
}
[1]=>
array(3) {
["oid"]=>
string(15) "1.2.752.58.1.10"
["iscritical"]=>
bool(false)
["value"]=>
string(5) "magic"
}
}
===DONE===

38
ext/ldap/tests/ldap_set_option_variation.phpt
View File

@ -76,9 +76,43 @@ bool(true)
bool(true)
bool(false)
bool(true)
int(0)
array(2) {
[0]=>
array(2) {
["oid"]=>
string(15) "1.2.752.58.10.1"
["iscritical"]=>
bool(true)
}
[1]=>
array(3) {
["oid"]=>
string(15) "1.2.752.58.1.10"
["iscritical"]=>
bool(false)
["value"]=>
string(5) "magic"
}
}
bool(true)
int(0)
array(2) {
[0]=>
array(2) {
["oid"]=>
string(15) "1.2.752.58.10.1"
["iscritical"]=>
bool(true)
}
[1]=>
array(3) {
["oid"]=>
string(15) "1.2.752.58.1.10"
["iscritical"]=>
bool(false)
["value"]=>
string(5) "magic"
}
}
bool(true)
string(14) "dc=test,dc=com"
===DONE===

2
ext/opcache/Optimizer/zend_cfg.c
View File

@ -598,6 +598,8 @@ int zend_build_cfg(zend_arena **arena, const zend_op_array *op_array, uint32_t b
/* Build CFG, Step 4, Mark Reachable Basic Blocks */
zend_mark_reachable_blocks(op_array, cfg, 0);
cfg->dynamic = (flags & ZEND_FUNC_INDIRECT_VAR_ACCESS);
if (func_flags) {
*func_flags |= flags;
}

1
ext/opcache/Optimizer/zend_cfg.h
View File

@ -92,6 +92,7 @@ typedef struct _zend_cfg {
unsigned int split_at_live_ranges : 1;
unsigned int split_at_calls : 1;
unsigned int split_at_recv : 1;
unsigned int dynamic : 1; /* accesses varables by name */
} zend_cfg;
/* Build Flags */

23
ext/opcache/Optimizer/zend_inference.c
View File

@ -3835,21 +3835,14 @@ static int zend_infer_types(const zend_op_array *op_array, const zend_script *sc
/* Narrowing integer initialization to doubles */
zend_type_narrowing(op_array, script, ssa);
for (j = 0; j < op_array->last_var; j++) {
/* $php_errormsg and $http_response_header may be updated indirectly */
if (zend_string_equals_literal(op_array->vars[j], "php_errormsg")) {
int i;
for (i = 0; i < ssa_vars_count; i++) {
if (ssa->vars[i].var == j) {
ssa_var_info[i].type |= MAY_BE_STRING | MAY_BE_RC1 | MAY_BE_RCN;
}
}
} else if (zend_string_equals_literal(op_array->vars[j], "http_response_header")) {
int i;
for (i = 0; i < ssa_vars_count; i++) {
if (ssa->vars[i].var == j) {
ssa_var_info[i].type |= MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_STRING | MAY_BE_RC1 | MAY_BE_RCN;
}
for (j = 0; j < ssa_vars_count; j++) {
if (ssa->vars[j].alias) {
if (ssa->vars[j].alias == PHP_ERRORMSG_ALIAS) {
ssa_var_info[j].type |= MAY_BE_STRING | MAY_BE_RC1 | MAY_BE_RCN;
} else if (ssa->vars[j].alias == PHP_ERRORMSG_ALIAS) {
ssa_var_info[j].type |= MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_STRING | MAY_BE_RC1 | MAY_BE_RCN;
} else {
ssa_var_info[j].type = MAY_BE_UNDEF | MAY_BE_RC1 | MAY_BE_RCN | MAY_BE_REF | MAY_BE_ANY | MAY_BE_ARRAY_KEY_ANY | MAY_BE_ARRAY_OF_ANY | MAY_BE_ARRAY_OF_REF;
}
}
}

16
ext/opcache/Optimizer/zend_ssa.c
View File

@ -1101,6 +1101,22 @@ int zend_ssa_compute_use_def_chains(zend_arena **arena, const zend_op_array *op_
}
}
/* Mark indirectly accessed variables */
for (i = 0; i < op_array->last_var; i++) {
if (ssa->cfg.dynamic) {
ssa_vars[i].alias = SYMTABLE_ALIAS;
} else if (zend_string_equals_literal(op_array->vars[i], "php_errormsg")) {
ssa_vars[i].alias = PHP_ERRORMSG_ALIAS;
} else if (zend_string_equals_literal(op_array->vars[i], "http_response_header")) {
ssa_vars[i].alias = HTTP_RESPONSE_HEADER_ALIAS;
}
}
for (i = op_array->last_var; i < ssa->vars_count; i++) {
if (ssa_vars[i].var < op_array->last_var) {
ssa_vars[i].alias = ssa_vars[ssa_vars[i].var].alias;
}
}
return SUCCESS;
}
/* }}} */

8
ext/opcache/Optimizer/zend_ssa.h
View File

@ -92,6 +92,13 @@ typedef struct _zend_ssa_op {
int res_use_chain;
} zend_ssa_op;
typedef enum _zend_ssa_alias_kind {
NO_ALIAS,
SYMTABLE_ALIAS,
PHP_ERRORMSG_ALIAS,
HTTP_RESPONSE_HEADER_ALIAS
} zend_ssa_alias_kind;
typedef struct _zend_ssa_var {
int var; /* original var number; op.var for CVs and following numbers for VARs and TMP_VARs */
int scc; /* strongly connected component */
@ -102,6 +109,7 @@ typedef struct _zend_ssa_var {
zend_ssa_phi *sym_use_chain; /* uses of this value in Pi constaints */
unsigned int no_val : 1; /* value doesn't mater (used as op1 in ZEND_ASSIGN) */
unsigned int scc_entry : 1;
zend_ssa_alias_kind alias : 2; /* value may be changed indirectly */
} zend_ssa_var;
typedef struct _zend_ssa_var_info {

2
ext/openssl/openssl.c
View File

@ -6057,7 +6057,7 @@ PHP_FUNCTION(openssl_seal)
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx));
EVP_CIPHER_CTX_cleanup(ctx);
if (!EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) ||
if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 ||
!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) ||
!EVP_SealFinal(ctx, buf + len1, &len2)) {
efree(buf);

27
ext/openssl/tests/74651.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEFhMCUk8x
EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl
cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw
IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0
NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t
YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG
A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ
KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp
DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS
YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L4CAwEA
AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz
ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/
BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86
OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs
dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv
ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j
BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ
MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn
aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy
Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU
aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA
A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh
3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7
Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6
-----END CERTIFICATE-----

17
ext/openssl/tests/bug74651.phpt Normal file
View File

@ -0,0 +1,17 @@
--TEST--
Bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$inputstr = file_get_contents(__DIR__ . "/74651.pem");
$pub_key_id = openssl_get_publickey($inputstr);
var_dump($pub_key_id);
var_dump(openssl_seal($inputstr, $sealed, $ekeys, array($pub_key_id, $pub_key_id), 'AES-128-ECB'));
?>
--EXPECTF--
resource(%d) of type (OpenSSL key)
bool(false)

2
ext/pcre/pcrelib/pcre_jit_compile.c
View File

@ -7307,7 +7307,7 @@ if (opcode == OP_COND || opcode == OP_SCOND)
if (*matchingpath == OP_FAIL)
stacksize = 0;
if (*matchingpath == OP_RREF)
else if (*matchingpath == OP_RREF)
{
stacksize = GET2(matchingpath, 1);
if (common->currententry == NULL)

2
ext/standard/tests/serialize/bug25378.phpt
View File

@ -42,7 +42,7 @@ bool(false)
Notice: unserialize(): Error at offset 17 of 33 bytes in %sbug25378.php on line %d
bool(false)
Notice: unserialize(): Error at offset 33 of 32 bytes in %sbug25378.php on line %d
Notice: unserialize(): Error at offset 32 of 32 bytes in %sbug25378.php on line %d
bool(false)
Notice: unserialize(): Error at offset 2 of 13 bytes in %sbug25378.php on line %d

10
ext/standard/tests/serialize/bug74111.phpt Normal file
View File

@ -0,0 +1,10 @@
--TEST--
Bug #74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize
--FILE--
<?php
$s = 'O:8:"stdClass":00000000';
var_dump(unserialize($s));
?>
--EXPECTF--
Notice: unserialize(): Error at offset 25 of 23 bytes in %s on line %d
bool(false)

2
ext/standard/tests/strings/bug70436.phpt
View File

@ -48,7 +48,7 @@ DONE
--EXPECTF--
Notice: unserialize(): Error at offset 0 of 3 bytes in %sbug70436.php on line %d
Notice: unserialize(): Error at offset 17 of 17 bytes in %sbug70436.php on line %d
Notice: unserialize(): Error at offset 16 of 17 bytes in %sbug70436.php on line %d
Notice: unserialize(): Error at offset 93 of 94 bytes in %sbug70436.php on line %d
bool(false)

2
ext/standard/tests/strings/bug72663_3.phpt
View File

@ -14,5 +14,5 @@ unserialize($poc);
?>
DONE
--EXPECTF--
Notice: unserialize(): Error at offset 51 of 50 bytes in %sbug72663_3.php on line %d
Notice: unserialize(): Error at offset 50 of 50 bytes in %sbug72663_3.php on line %d
DONE

1427
ext/standard/var_unserializer.c
View File

File diff suppressed because it is too large Load Diff

11
ext/standard/var_unserializer.re
View File

@ -474,13 +474,12 @@ string_key:
static inline int finish_nested_data(UNSERIALIZE_PARAMETER)
{
if (*((*p)++) == '}')
return 1;
if (*p >= max || **p != '}') {
return 0;
}
#if SOMETHING_NEW_MIGHT_LEAD_TO_CRASH_ENABLE_IF_YOU_ARE_BRAVE
zval_ptr_dtor(rval);
#endif
return 0;
(*p)++;
return 1;
}
static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)

16
ext/wddx/tests/bug74145.phpt Normal file
View File

@ -0,0 +1,16 @@
--TEST--
Bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV)
--SKIPIF--
<?php
if (!extension_loaded("wddx")) print "skip";
?>
--FILE--
<?php
$data = file_get_contents(__DIR__ . '/bug74145.xml');
$wddx = wddx_deserialize($data);
var_dump($wddx);
?>
DONE
--EXPECTF--
NULL
DONE

9
ext/wddx/tests/bug74145.xml Normal file
View File

@ -0,0 +1,9 @@
<?xml version='1.0' ?>
<!DOCTYPE et SYSTEM 'w'>
<wddxPacket ven='1.0'>
<array>
<var Name="name">
<boolean ></boolean>
</var>
</array>
</wddxPacket>

7
ext/wddx/wddx.c
View File

@ -761,19 +761,16 @@ static void php_wddx_push_element(void *user_data, const XML_Char *name, const X
} else if (!strcmp((char *)name, EL_BOOLEAN)) {
int i;
ent.type = ST_BOOLEAN;
SET_STACK_VARNAME;
if (atts) for (i = 0; atts[i]; i++) {
if (!strcmp((char *)atts[i], EL_VALUE) && atts[i+1] && atts[i+1][0]) {
ent.type = ST_BOOLEAN;
SET_STACK_VARNAME;
ZVAL_TRUE(&ent.data);
wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry));
php_wddx_process_data(user_data, atts[i+1], strlen((char *)atts[i+1]));
break;
}
} else {
ent.type = ST_BOOLEAN;
SET_STACK_VARNAME;
ZVAL_FALSE(&ent.data);
wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry));
}