Commit 0782a7fc63 ("Fixed bug #74866
extension_dir = "./ext" now use current directory for base") modified
the php_load_zend_extension_cb() function to use php_load_shlib(), and
pass a handle to the newly introduced zend_load_extension_handle()
function instead of passing the extension path to
zend_load_extension().
While doing so, it introduced a call to php_load_shlib() from code
that is built even when HAVE_LIBDL is not defined. However,
php_load_shlib() is not implemented when HAVE_LIBDL is not defined,
for obvious reasons.
It turns out that zend_load_extension_handle() anyway doesn't do
anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and
ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined
(Zend/zend_portability.h).
Fixes the following build failure when building on a system that
doesn't have libdl:
main/php_ini.o: In function `php_load_zend_extension_cb':
php_ini.c:(.text+0x478): undefined reference to `php_load_shlib'
php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib'
collect2: error: ld returned 1 exit status
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It is unused and does not work in any meaningful way:
Warnings are suppressed, but everything else (both notices and
fatals) are not. It would make some sense if it suppressed
warnings and lower, but right now this is a pointless mode.
Using the weak symbol explicit_bzero_hook does not work if LTO is
enabled. Instead avoid memset optimizations using an asm memory
barrier.
Use a fallback implementation where the memory is zeroed through
volatile.
5060fc23 attempted to fix#68948 by treating all non-uri streams
as non-blocking, however php://fd/* streams (which includes stdin)
may block if the other end of the IPC isn't finished.
This represents a partial revert to the pre RC6 state,
but includes an escape hatch for php://memory and php://temp
streams which are local to the current process.
This also restores stream_set_chunk_size test to previous state.
* master:
Use per-request heap instead of system one
Extend zend_register_class_alias_ex() with additional argument to allow creating persistent or per-request aliases
Makrk persistent resources and references with GC_PERSISTENT flag
Prohibit direct update of GC_REFCOUNT(), GC_SET_REFCOUNT(), GC_ADDREF() and GC_DELREF() shoukf be instead.
Added mactros to validate reference-counting (disabled for now).
These macros are going to be used to eliminate race-condintions during reference-counting on data shared between threads.
The zend_signals_activate() function is called in php_request_startup()
even if `--disable-zend-signals` is used. This causes uninitialized
variables to be used on ZTS builds.
This was removed in 7.1 in c870633. Removing guards from the SAPIs
should be fine, but removing the guard from main/main.c prevents anyone
using the static embedded library to integrate PHP into their programs.
For more details, see the "Additional remark" section in
https://bugs.php.net/bug.php?id=74149
The apache_hooks SAPI has been removed since PHP >= 7.0 and there is no
need to have two different php_request_startup definitions.
Also php_request_startup_for_hook() and php_request_shutdown_for_hook() functions
are not used in the PHP source code directly anymore. They are out of sync and
are not touched when making changes to the shutdown sequence.
The php_start_sapi() function was therefore not used anymore and is
removed.
This patch however does not drop support for the BeOS compatible variant, Haiku, see Github PR #2697 which is currently a WiP
I intentionally left out some fragments for BeOS in the build system for that seems to be bundles
Having `int` there is no real profit in the size or speed, while unsigned
improves security and overall integration. ZPP supplied strings can
be then accepted directly and structs can be still handled with smaller
unsigned types for size reasons, which is safe. Yet some related places
are to go.
basic move tsrm_realpath_r to size_t
fix conditions and sync with affected places
touch ocurrences of php_sys_readlink usage
follow up on phar path handling
remove duplicated check
move zend_resolve_path and related pieces to size_t
touch yet resolve path related places
remove cast
missing pieces
missing piece
yet cleanups for php_sys_readlink for ssize_t
fix wrong return
* PHP-7.2:
Keep resource of enclosing stream, because it may be referenced from other place(s). This fixes valgrind warnings on Zend/tests/type_declarations/scalar_basic.phpt
TS related VCWD routines depend on CWD. Thus, a premature CWD
deactivation renders the VCWD layer unusable. Same issue seems to
persist in versions < 7.2, just that the code path is actually unused so
the issue didn't show up. Still might make sense to backport this into
lower branches.
Allow extension name as INI 'extension=' and dl() argument
No BC break, as file name is still accepted.
When using the '-z' command line option (CLI/CGI), an absolute file name must still be provided (nothing changed here)
Change comments in example INI files
Make sure the hash entry is an array.
The origin fix broke support for HOST/PATH ini sections. Only the
beginning of the string has to match. Revert this check but use
zend_binary_strncasecmp instead of strncasecmp.
Per unix(7):
abstract: an abstract socket address is distinguished (from a
pathname socket) by the fact that sun_path[0] is a null byte
('\0'). The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the specified
length of the address structure. (Null bytes in the name have no
special significance.) The name has no connection with filesystem
pathnames. When the address of an abstract socket is returned,
the returned addrlen is greater than sizeof(sa_family_t) (i.e.,
greater than 2), and the name of the socket is contained in the
first (addrlen - sizeof(sa_family_t)) bytes of sun_path.
The existing implementation was assuming significance in null bytes
contained in the abstract address identifier.
musl libc is complaining when <sys/poll.h> is used instead of <poll.h>
so change this.
This issue was reported for OpenWrt/LEDE where musl libc is the standard
C library instead of e.g. glibc, see the following link for the original PR:
https://github.com/openwrt/packages/pull/4263
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
--
v3: refined checks/fallback paths as suggested by @bukka
v2: rebased to resolve merge conflict in main/php_network.h
v1: initial PR
While the case in bug #74429 is not documented and is only worky due to
an implementation bug, the strength seems to breach some real world
apps. Given this patch doesn't impact the initial security fix for
bug #74216, it is reasonable to let the apps keep working. As mentioned
in the ticket, this behavior is a subject to change in future versions
and should not be abused.
```
In file included from /usr/local/include/php/main/php_network.h:124:0,
from /var/www/html/php-ext-handlersocketi-0.0.1/hs_response.c:3:
/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
```
For historical reasons, fsockopen() accepts the port and hostname
separately: fsockopen('127.0.0.1', 80)
However, with the introdcution of stream transports in PHP 4.3,
it became possible to include the port in the hostname specifier:
fsockopen('127.0.0.1:80')
Or more formally: fsockopen('tcp://127.0.0.1:80')
Confusing results when these two forms are combined, however.
fsockopen('127.0.0.1:80', 443) results in fsockopen() attempting
to connect to '127.0.0.1:80:443' which any reasonable stack would
consider invalid.
Unfortunately, PHP parses the address looking for the first colon
(with special handling for IPv6, don't worry) and calls atoi()
from there. atoi() in turn, simply stops parsing at the first
non-numeric character and returns the value so far.
The end result is that the explicitly supplied port is treated
as ignored garbage, rather than producing an error.
This diff replaces atoi() with strtol() and inspects the
stop character. If additional "garbage" of any kind is found,
it fails and returns an error.
Hereby, interned strings are supported in thread safe PHP. The patch
implements two types of interned strings
- interning per process, strings are not freed till process end
- interning per request, strings are freed at request end
There is no runtime interning.
With Opcache, all the permanent iterned strings are copied into SHM on
startup, additional copying into SHM might happen on demand.
* PHP_OS_FAMILY is now a macro, to allow extensions to take advantage of it, it is defined in php.h
* Values are not upper-case-first, not always uppercase. Windows is no longer just "Win", if we want the short version for testing then PHP_OS is always WINNT anyway
As in previous variant, locking is removed and the initialization
is done only once at process start. The CNG API turns out to be
faster, also the initialization is less resources hungry. The
initialization part could need to be improved, if too much startup
failures are sighted in the real world usage. Though that would mean
having locking back.
The usage of CNG was already pointed out and requested in several
reports, with the further refactoring it appears to make sense and
simplify things a backward compatible way.
This reverts commit 23bd7bcde0.
Looks like this change is unstable. If same CSP is use but multiple processers,
the initialization failures are possible. Thus, CryptAcquireContext in
every process, even if it won't be used at all, is not sensible. This
might actually motivate to look for better CSP APIs.
Merge branch 'master' of github.com:commercebyte/php-src
* 'master' of github.com:commercebyte/php-src:
Added EG(flags) - executor global flags EG_FLAGS_IN_SHUTDOWN - is set when PHP is in shutdown state
newly added zend_object_store.no_reuse is redefined as a global zend_object_store_no_reuse, to avoid alignment issues
Alignment fix, as per @nikic
The test scripts bug64720.phpt and bug68652.phpt were relying on the buggy behavior, when PHP returns "Undefined static property" error due to class entry corruption. With my fix for bug 74053, both tests return no errors now, I corrected the EXPECTF accordingly
Bug Fix: Corrupted class entries on shutdown when a destructor spawns another object (C) 2017 CommerceByte Consulting
