Commit Graph

115151 Commits

Author SHA1 Message Date
manuel
5787f91c55 Fix #80838: HTTP wrapper waits for HTTP 1 response after HTTP 101
Don't wait for further responses after a HTTP 101 (Switching Protocols) response

Closes GH-6730.
2021-03-08 14:36:31 +01:00
George Wang
8fc0bdfb0a Merge branch 'PHP-7.4' of git.php.net:php-src into PHP-7.4 2021-03-05 10:57:46 -05:00
George Wang
797edd6211 LiteSpeed SAPI v7.9: Process manager keeps forked child process alive for longer time based on load. Reduces PM overhead for busy setup. 2021-03-05 10:46:12 -05:00
Christoph M. Becker
e0e167e581 Print error code if CreateMutex() fails
This issue came up recently in a bug report[1]; without the error code,
users can barely guess why the function failed.

[1] <https://bugs.php.net/80812>

Closes GH-6745.
2021-03-05 15:06:18 +01:00
Christoph M. Becker
51e2015af3 Fix #78719: http wrapper silently ignores long Location headers
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".

We thus fix this by allowing arbitrarily long header lines.

Closes GH-6720.
2021-03-03 10:45:25 +01:00
Christoph M. Becker
71297a254b Fix #80751: Comma in recipient name breaks email delivery
So far, `SendText()` simply separates potential email address lists at
any comma, disregarding that commas inside a quoted-string do not
delimit addresses.  We fix that by introducing an own variant of
`strtok_r()` which caters to quoted-strings.

We also make `FormatEmailAddress()` aware of quoted strings.

We do not cater to email address comments, and potentially other quirks
of RFC 5322 email addresses, but catering to quoted-strings is supposed
to solve almost all practical use cases.

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

Closes GH-6735.
2021-03-01 18:46:21 +01:00
Nikita Popov
2c508c4d40 Always remove HT iterators, even for uninit HT
Fixes oss-fuzz #31423.
2021-03-01 16:22:11 +01:00
Nikita Popov
e857936518 Fixed bug #80805
Handle missing result_var in binary_op_result_type.

(cherry picked from commit 8446e28275)
2021-03-01 15:13:15 +01:00
Felipe Pena
988c3f9659 Fix memleak on ReflectionFunction and ReflectionGenerator classes when calling __construct after instantiation 2021-02-25 20:53:14 +00:00
Remi Collet
ae0585c98e skip test with openssl < 1.1.0
The test fails, but without any crash
(this test is designed to catch a crash)
2021-02-25 13:52:35 +01:00
Dylan K. Taylor
a480bf8093 Capture Microsoft-defined HRESULT exit codes exit codes
The lack of such a check leads to false-passes of tests on Windows
which expect no output, but produce a segfault or similar issue. I
discovered this a while ago due to bad tests in an extension I maintain.

Closes GH-6722.
2021-02-25 12:01:04 +01:00
Daniel Black
8309c04464 mysqlnd pam fix test error message
Closes GH-6727.
2021-02-25 09:51:51 +01:00
Nikita Popov
766f827e26 Fix potential file collision in dom tests 2021-02-24 21:30:20 +01:00
Felipe Pena
3ec37a74a2 Fix bug #80757 (Exit code is 0 when could not open file) 2021-02-24 18:50:27 +00:00
Felipe Pena
78b0a85de6 Update NEWS 2021-02-24 18:40:32 +00:00
Christoph M. Becker
67bb06cc9b Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  run-tests: fixed exit code not being set on BORKED tests
2021-02-23 13:15:30 +01:00
Dylan K. Taylor
729cd8bacd run-tests: fixed exit code not being set on BORKED tests
When no test paths are specified this shows up when 'make test' is used on a PECL extension without specifying tests to run (or in php-src too, I guess...)

Closes GH-6717.
2021-02-23 12:50:03 +01:00
Christoph M. Becker
81396ea890 Update php_version.h to proper version number 2021-02-23 12:09:06 +01:00
Christoph M. Becker
963e50c8c4 Fix #75776: Flushing streams with compression filter is broken
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.

Second, there is still an issue, if a stream with an attached
compression filter is flushed before it is closed, without any writes
in between.  In that case, the compression is never finalized.  We fix
this by enforcing a `_php_stream_flush()` with the `closing` flag set
in `_php_stream_free()`, whenever a write filter is attached.  This
call is superfluous for most write filters, but does not hurt, even
when it is unnecessary.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=20e75329f2adb11dd231852c061926d0e4080929>

Closes GH-6703.
2021-02-22 15:28:46 +01:00
Christoph M. Becker
073b6ea818 Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI
There is no good reason not to show the credits in text based SAPIs,
except for brevity.  Thus, we suppress the credits from `php -i`.

Closes GH-6710.
2021-02-22 14:31:51 +01:00
Christoph M. Becker
d7c98ca1ac Fix #80774: session_name() problem with backslash
Since we do no longer URL decode cookie names[1], we must not URL
encode the session name.  We need to prevent broken Set-Cookie headers,
by rejecting names which contain invalid characters.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0>

Closes GH-6711.
2021-02-22 12:32:56 +01:00
Nikita Popov
6dd85f83f7 Fixed bug #80781
zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.
2021-02-22 09:36:43 +01:00
Christoph M. Becker
84b6152842 Fix #80763: msgfmt_format() does not accept DateTime references
`intl_zval_to_millis()` needs to cater to references.

Closes GH-6707.
2021-02-17 17:26:48 +01:00
Nikita Popov
9552cf6b84 Handle incomplete result set metadata more gracefully
Rather than segfaulting because sname is missing lateron, report
a FAIL here. As this indicates a server bug, the errors is reported
as an out of band warning, rather than a client error.

This fixes the PHP side of bug #80713.
2021-02-16 15:34:14 +01:00
Derick Rethans
2d858fbfb1 Fixed dates 2021-02-16 11:31:34 +00:00
Derick Rethans
6d3d9104e6 PHP-7.4 is now 7.4.17-dev 2021-02-16 11:26:47 +00:00
Nikita Popov
7566742754 Suppress OpenSSL error on missing optional config
openssl_pkey_new() fetches various options from the config file --
most of these are optional, and not specifying them is not an error
condition from the perspective of the user. Unfortunately, the
CONF_get_string() API pushes an error when accessing a key that
doesn't exist (_CONF_get_string does not, but that is presumably a
private API). This commit adds a helper php_openssl_conf_get_string()
that automatically clears the error in this case. I've found that
OpenSSL occasionally does the same thing internally:
22040fb790/apps/req.c (L515-L517)

Closes GH-6699.
2021-02-16 10:11:00 +01:00
Nikita Popov
64b1085464 Fixed bug #80747
If RSA key generation fails, actually report that failure.
2021-02-15 15:34:01 +01:00
Nikita Popov
7b7d99839c Fix symtable cache being used while cleaning symtable
We need to first clean the symtable and then check whether a cache
slot is available for it. Otherwise, it may happen that a destructor
runs while cleaning the table and uses up all the remaining slots
in the cache.

This is particularly insidious because once we overflow the cache,
the first pointer we modify is symtable_cache_ptr, making it hard
to understand what happened after the fact.

Fixes oss-fuzz #30815.
2021-02-15 14:58:38 +01:00
Daniel Black
3646604203 Fix #78680: mysqlnd pam plugin missing terminating null
The PAM service requires the terminating null to be part
of the communication.

Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat).

Also changed MySQL Enterprise test to the server side plugin, authentication_pam
as opposed to the client plugin mysql_clear_password.

Add additional check for pamtest user and pam service file as
all are required for the test.

More importantly, test result should actually succeed.

Thanks Geoff Montee for bug report.

Closes GH-78680.
2021-02-15 11:32:07 +01:00
Nikita Popov
44a80b64b9 Fix leak when breaking out of FilesystemIterator
We need to always destroy current, not just when iter.data is not
set.

Take this opportunity to clean up the iterator destructor code a
bit, to remove redundant checks and incorrect comments.
2021-02-15 10:37:59 +01:00
Nikita Popov
c34c523467 Fixed bug #80719 2021-02-11 16:12:06 +01:00
Christoph M. Becker
4f508003a9 Avoid C4090 level 1 warning
This breaks the build for PHP 8 by default.
2021-02-08 23:11:37 +01:00
Christoph M. Becker
03713ace23 Fix locale dependent parsing of PostgreSQL version number
Version numbers are not supposed to be localized, so we must not apply
locale dependent parsing with `atof()`.

Using `php_version_compare()` might even be better.

Closes GH-6668.
2021-02-08 18:57:08 +01:00
Christoph M. Becker
ca7547c9e2 Fix #80706: mail(): Headers after Bcc headers may be ignored
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the Bcc header was
not the last "thing".

Closes GH-6666.
2021-02-08 18:42:31 +01:00
Christoph M. Becker
4ff2665509 Use ST_Y() instead of the deprecated/removed Y() in test 2021-02-05 14:53:19 +01:00
Christoph M. Becker
3f8d21b922 Fix #74779: x() and y() truncating floats to integers
We must not use the locale dependent `atof()`, but instead use the
(hopefully) locale independent `zend_strtod()`, when converting string
representations of floating point numbers which are sent by the server.

Closes GH-6665.
2021-02-05 13:09:59 +01:00
Nikita Popov
8b7aaad7d6 Try SIGTERM before SIGKILL in opcache restart
SIGTERM is subject to HANDLE_BLOCK_INTERRUPTIONS(), which will
allow code to exit critical sections before it gets terminated.

Closes GH-6493.
2021-02-04 17:07:18 +01:00
Christoph M. Becker
958e3b93c3 [ci skip] Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix newly introduced compiler warning
2021-02-03 12:43:40 +01:00
Nikita Popov
06c9633b43 Fix newly introduced compiler warning
(cherry picked from commit ab8177de2c)
2021-02-03 12:42:28 +01:00
Christoph M. Becker
1bb2a4f91c Fix #53467: Phar cannot compress large archives
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar.  So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member.  We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>
2021-02-03 11:22:37 +01:00
Christoph M. Becker
3d09626f0d [ci skip] Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  7.3.28 is next
2021-02-02 17:07:16 +01:00
Christoph M. Becker
039ca4e219 7.3.28 is next 2021-02-02 17:01:55 +01:00
Peter Kokot
8c04944b66 Update year to 2021
Closes GH-6636.
2021-02-02 16:46:16 +01:00
Nikita Popov
54fa0a69f8 Add missing derefs in CurlFile
As pointed out on GH-6456.
2021-02-02 10:31:16 +01:00
Nikita Popov
51d76c346e Fix persistent leak on load_wsdl_ex failure
Move the load_wsdl_ex call into the zend_try that destroys the
docs hash table. The wsdl will be inserted into docs early on,
and will thus be released on subsequent bailout.
2021-02-02 10:05:35 +01:00
Christoph M. Becker
675a9b2831 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Revert "Updated to version 2021.1 (2021a)"
2021-02-01 13:42:43 +01:00
Christoph M. Becker
57257a4335 Revert "Updated to version 2021.1 (2021a)"
This reverts commit 491488d217, since
PHP-7.3 is in security mode, and this does not look security related.
2021-02-01 13:41:32 +01:00
Christoph M. Becker
7e9479083d Fix #80654: file_get_contents() maxlen fails above (2**31)-1 bytes
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful
on 64bit systems, where larger files should be readable, if the
`memory_limit` is large enough.

Closes GH-6648.
2021-02-01 12:57:40 +01:00
Nikita Popov
217b9e7b41 Fix Laravel build on community job
Now requires PHP 7.4, so use php7.4 to run composer everywhere.
2021-02-01 09:48:14 +01:00