[Secure-testing-commits] r15916 - in data/patches/MOPB: . php4-etch php4-sarge
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Jan 18 02:17:42 UTC 2011
Author: gilbert-guest
Date: 2011-01-18 02:17:42 +0000 (Tue, 18 Jan 2011)
New Revision: 15916
Removed:
data/patches/MOPB/MOPB-04-php4.diff
data/patches/MOPB/MOPB-10-php5.diff
data/patches/MOPB/MOPB-14-php5.diff
data/patches/MOPB/MOPB-15-php5.diff
data/patches/MOPB/MOPB-18-php5.diff
data/patches/MOPB/MOPB-19-php5.diff
data/patches/MOPB/MOPB-22-php5.diff
data/patches/MOPB/MOPB-24-php5.diff
data/patches/MOPB/MOPB-26-php4.diff
data/patches/MOPB/MOPB-26-php5.diff
data/patches/MOPB/MOPB-29-php5.diff
data/patches/MOPB/MOPB-30-php5.diff
data/patches/MOPB/MOPB-32-php4.diff
data/patches/MOPB/MOPB-34-php5.diff
data/patches/MOPB/MOPB-35-php4.diff
data/patches/MOPB/MOPB-41-php5.diff
data/patches/MOPB/MOPB-42-php5.diff
data/patches/MOPB/MOPB-44-php5.diff
data/patches/MOPB/MOPB-45-php5.diff
data/patches/MOPB/php4-etch/069-CVE-2007-0910-updated-for-MOPB-32.patch
data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
data/patches/MOPB/php4-etch/072-CVE-2007-1718-MOPB-34.patch
data/patches/MOPB/php4-etch/073-CVE-2007-1521-MOPB-22.patch
data/patches/MOPB/php4-etch/074-CVE-2007-1286-MOPB-04.patch
data/patches/MOPB/php4-sarge/CVE-2007-0910-updated-for-MOPB-32.patch
data/patches/MOPB/php4-sarge/CVE-2007-1286-MOPB-04.patch
data/patches/MOPB/php4-sarge/CVE-2007-1380-MOPB-10.patch
data/patches/MOPB/php4-sarge/CVE-2007-1521-MOPB-22.patch
Log:
remove old php patch files (these are already in the php source anyway)
Deleted: data/patches/MOPB/MOPB-04-php4.diff
===================================================================
--- data/patches/MOPB/MOPB-04-php4.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-04-php4.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,33 +0,0 @@
---- var_unserializer.c 2006/08/09 23:29:17 1.18.4.24.2.7
-+++ var_unserializer.c 2006/10/27 08:35:25 1.18.4.24.2.8
-@@ -18,7 +18,7 @@
- +----------------------------------------------------------------------+
- */
-
--/* $Id: var_unserializer.c,v 1.18.4.24.2.7 2006/08/09 23:29:17 nlopess Exp $ */
-+/* $Id: var_unserializer.c,v 1.18.4.24.2.8 2006/10/27 08:35:25 sesser Exp $ */
-
- #include "php.h"
- #include "ext/standard/php_var.h"
-@@ -958,6 +958,10 @@
-
- if (*rval == *rval_ref) return 0;
-
-+ if ((*rval_ref)->refcount > 65500) {
-+ return 0;
-+ }
-+
- if (*rval != NULL) {
- zval_ptr_dtor(rval);
- }
-@@ -999,6 +1003,10 @@
-
- id = parse_iv(start + 2) - 1;
- if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
-+ return 0;
-+ }
-+
-+ if ((*rval_ref)->refcount > 65500) {
- return 0;
- }
-
Deleted: data/patches/MOPB/MOPB-10-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-10-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-10-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,16 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23&pathrev=PHP_5_2&view=patch
-# http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.26&r2=1.417.2.8.2.27&pathrev=PHP_5_2&view=patch
---- php-src/ext/session/session.c 2006/12/26 16:53:47 1.417.2.8.2.22
-+++ php-src/ext/session/session.c 2006/12/31 22:25:55 1.417.2.8.2.23
-@@ -471,6 +471,11 @@
- for (p = val; p < endptr; ) {
- zval **tmp;
- namelen = *p & (~PS_BIN_UNDEF);
-+
-+ if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+ return FAILURE;
-+ }
-+
- has_value = *p & PS_BIN_UNDEF ? 0 : 1;
-
- name = estrndup(p + 1, namelen);
Deleted: data/patches/MOPB/MOPB-14-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-14-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-14-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,55 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.45&r2=1.445.2.14.2.49&pathrev=PHP_5_2&view=patch
-# http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/substr_compare.phpt?r1=1.1.2.2&r2=1.1.2.2.2.1&pathrev=PHP_5_2&view=patch
---- php-src/ext/standard/string.c 2007/03/03 15:46:29 1.445.2.14.2.45
-+++ php-src/ext/standard/string.c 2007/03/08 00:47:04 1.445.2.14.2.49
-@@ -4642,18 +4642,20 @@
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater than or equal to 0.");
- RETURN_FALSE;
- }
-- p += Z_LVAL_PP(offset);
-- if (p > endp) {
-+
-+ if (Z_LVAL_PP(offset) > Z_STRLEN_PP(haystack)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset value %ld exceeds string length.", Z_LVAL_PP(offset));
- RETURN_FALSE;
- }
-+ p += Z_LVAL_PP(offset);
-+
- if (ac == 4) {
- convert_to_long_ex(length);
- if (Z_LVAL_PP(length) <= 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be greater than 0.");
- RETURN_FALSE;
- }
-- if ((p + Z_LVAL_PP(length)) > endp) {
-+ if (Z_LVAL_PP(length) > (Z_STRLEN_PP(haystack) - Z_LVAL_PP(offset))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length value %ld exceeds string length.", Z_LVAL_PP(length));
- RETURN_FALSE;
- }
-@@ -5074,8 +5076,13 @@
- offset = (offset < 0) ? 0 : offset;
- }
-
-- if ((offset + len) > s1_len) {
-+ if(offset > s1_len) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length");
-+ RETURN_FALSE;
-+ }
-+
-+ if(len > s1_len - offset) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length cannot exceed initial string length");
- RETURN_FALSE;
- }
-
-diff -uNrp php5-5.1.6-unpatched/ext/standard/tests/strings/substr_compare.phpt php5-5.1.6/ext/standard/string.c
---- php5-5.1.6-unpatched/ext/standard/tests/strings/substr_compare.phpt 2007-04-23 16:12:26.000000000 -0700
-+++ php5-5.1.6/ext/standard/tests/strings/substr_compare.phpt 2007-04-23 16:16:15.000000000 -0700
-@@ -24,7 +24,7 @@
- int(1)
- int(-1)
-
--Warning: substr_compare(): The start position cannot exceed initial string length in %s on line %d
-+Warning: substr_compare(): The length cannot exceed initial string length in %s on line %d
- bool(false)
-
- Warning: substr_compare() expects parameter 5 to be boolean, object given in %s on line %d
Deleted: data/patches/MOPB/MOPB-15-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-15-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-15-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,91 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/shmop/shmop.c?r1=1.31.2.2.2.1&r2=1.31.2.2.2.2&pathrev=PHP_5_2&view=patch
---- php-src/ext/shmop/shmop.c 2006/11/03 14:46:48 1.31.2.2.2.1
-+++ php-src/ext/shmop/shmop.c 2006/12/30 20:21:25 1.31.2.2.2.2
-@@ -78,6 +78,16 @@
- ZEND_GET_MODULE(shmop)
- #endif
-
-+#define PHP_SHMOP_GET_RES \
-+ shmop = zend_list_find(shmid, &type); \
-+ if (!shmop) { \
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid); \
-+ RETURN_FALSE; \
-+ } else if (type != shm_type) { \
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "not a shmop resource"); \
-+ RETURN_FALSE; \
-+ } \
-+
- /* {{{ rsclean
- */
- static void rsclean(zend_rsrc_list_entry *rsrc TSRMLS_DC)
-@@ -201,13 +211,8 @@
- return;
- }
-
-- shmop = zend_list_find(shmid, &type);
-+ PHP_SHMOP_GET_RES
-
-- if (!shmop) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid);
-- RETURN_FALSE;
-- }
--
- if (start < 0 || start > shmop->size) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "start is out of range");
- RETURN_FALSE;
-@@ -241,12 +246,7 @@
- return;
- }
-
-- shmop = zend_list_find(shmid, &type);
--
-- if (!shmop) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid);
-- RETURN_FALSE;
-- }
-+ PHP_SHMOP_GET_RES
-
- zend_list_delete(shmid);
- }
-@@ -264,12 +264,7 @@
- return;
- }
-
-- shmop = zend_list_find(shmid, &type);
--
-- if (!shmop) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid);
-- RETURN_FALSE;
-- }
-+ PHP_SHMOP_GET_RES
-
- RETURN_LONG(shmop->size);
- }
-@@ -290,12 +285,7 @@
- return;
- }
-
-- shmop = zend_list_find(shmid, &type);
--
-- if (!shmop) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid);
-- RETURN_FALSE;
-- }
-+ PHP_SHMOP_GET_RES
-
- if ((shmop->shmatflg & SHM_RDONLY) == SHM_RDONLY) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "trying to write to a read only segment");
-@@ -326,12 +316,7 @@
- return;
- }
-
-- shmop = zend_list_find(shmid, &type);
--
-- if (!shmop) {
-- php_error_docref(NULL TSRMLS_CC, E_WARNING, "no shared memory segment with an id of [%lu]", shmid);
-- RETURN_FALSE;
-- }
-+ PHP_SHMOP_GET_RES
-
- if (shmctl(shmop->shmid, IPC_RMID, NULL)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "can't mark segment for deletion (are you the owner?)");
Deleted: data/patches/MOPB/MOPB-18-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-18-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-18-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,166 +0,0 @@
---- sanitizing_filters.c 2006/10/03 11:42:23 1.11.2.5
-+++ sanitizing_filters.c 2006/12/18 15:02:16 1.11.2.7
-@@ -27,52 +27,29 @@
- /* }}} */
-
- /* {{{ HELPER FUNCTIONS */
--static void php_filter_encode_html(zval *value, const char* chars, int encode_nul)
-+static void php_filter_encode_html(zval *value, const unsigned char *chars)
- {
-- register int x, y;
- smart_str str = {0};
- int len = Z_STRLEN_P(value);
-- char *s = Z_STRVAL_P(value);
-+ unsigned char *s = (unsigned char *)Z_STRVAL_P(value);
-+ unsigned char *e = s + len;
-
- if (Z_STRLEN_P(value) == 0) {
- return;
- }
-
-- for (x = 0, y = 0; len--; x++, y++) {
-- if (strchr(chars, s[x]) || (encode_nul && s[x] == 0)) {
-+ while (s < e) {
-+ if (chars[*s]) {
- smart_str_appendl(&str, "&#", 2);
-- smart_str_append_long(&str, s[x]);
-+ smart_str_append_unsigned(&str, (unsigned long)*s);
- smart_str_appendc(&str, ';');
- } else {
-- smart_str_appendc(&str, s[x]);
-+ /* XXX: this needs to be optimized to work with blocks of 'safe' chars */
-+ smart_str_appendc(&str, *s);
- }
-+ s++;
- }
-- smart_str_0(&str);
-- efree(Z_STRVAL_P(value));
-- Z_STRVAL_P(value) = str.c;
-- Z_STRLEN_P(value) = str.len;
--}
--
--static void php_filter_encode_html_high_low(zval *value, long flags)
--{
-- register int x, y;
-- smart_str str = {0};
-- int len = Z_STRLEN_P(value);
-- unsigned char *s = (unsigned char *)Z_STRVAL_P(value);
-
-- if (Z_STRLEN_P(value) == 0) {
-- return;
-- }
--
-- for (x = 0, y = 0; len--; x++, y++) {
-- if (((flags & FILTER_FLAG_ENCODE_LOW) && (s[x] < 32)) || ((flags & FILTER_FLAG_ENCODE_HIGH) && (s[x] > 127))) {
-- smart_str_appendl(&str, "&#", 2);
-- smart_str_append_unsigned(&str, s[x]);
-- smart_str_appendc(&str, ';');
-- } else {
-- smart_str_appendc(&str, s[x]);
-- }
-- }
- smart_str_0(&str);
- efree(Z_STRVAL_P(value));
- Z_STRVAL_P(value) = str.c;
-@@ -181,9 +158,28 @@
- void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL)
- {
- size_t new_len;
--
-+ unsigned char enc[256] = {0};
-+
-+ /* strip high/strip low ( see flags )*/
-+ php_filter_strip(value, flags);
-+
-+ if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
-+ enc['\''] = enc['"'] = 1;
-+ }
-+ if (flags & FILTER_FLAG_ENCODE_AMP) {
-+ enc['&'] = 1;
-+ }
-+ if (flags & FILTER_FLAG_ENCODE_LOW) {
-+ memset(enc, 1, 32);
-+ }
-+ if (flags & FILTER_FLAG_ENCODE_HIGH) {
-+ memset(enc + 127, 1, sizeof(enc) - 127);
-+ }
-+
-+ php_filter_encode_html(value, enc);
-+
- /* strip tags, implicitly also removes \0 chars */
-- new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0);
-+ new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
- Z_STRLEN_P(value) = new_len;
-
- if (new_len == 0) {
-@@ -191,21 +187,6 @@
- ZVAL_EMPTY_STRING(value);
- return;
- }
--
-- if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
-- /* encode ' and " to numerical entity */
-- php_filter_encode_html(value, "'\"", 0);
-- }
-- /* strip high/strip low ( see flags )*/
-- php_filter_strip(value, flags);
--
-- /* encode low/encode high flags */
-- php_filter_encode_html_high_low(value, flags);
--
-- /* also all the flags - & encode as %xx */
-- if (flags & FILTER_FLAG_ENCODE_AMP) {
-- php_filter_encode_html(value, "&", 0);
-- }
- }
- /* }}} */
-
-@@ -222,11 +203,21 @@
- /* {{{ php_filter_special_chars */
- void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
- {
-+ unsigned char enc[256] = {0};
-+
-+ php_filter_strip(value, flags);
-+
- /* encodes ' " < > & \0 to numerical entities */
-- php_filter_encode_html(value, "'\"<>&", 1);
-+ enc['\''] = enc['"'] = enc['<'] = enc['>'] = enc['&'] = enc[0] = 1;
-+
- /* if strip low is not set, then we encode them as &#xx; */
-- php_filter_strip(value, flags);
-- php_filter_encode_html_high_low(value, FILTER_FLAG_ENCODE_LOW | flags);
-+ memset(enc, 1, 32);
-+
-+ if (flags & FILTER_FLAG_ENCODE_HIGH) {
-+ memset(enc + 127, 1, sizeof(enc) - 127);
-+ }
-+
-+ php_filter_encode_html(value, enc);
- }
- /* }}} */
-
-@@ -235,11 +226,21 @@
- {
- /* Only if no flags are set (optimization) */
- if (flags != 0 && Z_STRLEN_P(value) > 0) {
-+ unsigned char enc[256] = {0};
-+
- php_filter_strip(value, flags);
-+
- if (flags & FILTER_FLAG_ENCODE_AMP) {
-- php_filter_encode_html(value, "&", 0);
-+ enc['&'] = 1;
- }
-- php_filter_encode_html_high_low(value, flags);
-+ if (flags & FILTER_FLAG_ENCODE_LOW) {
-+ memset(enc, 1, 32);
-+ }
-+ if (flags & FILTER_FLAG_ENCODE_HIGH) {
-+ memset(enc + 127, 1, sizeof(enc) - 127);
-+ }
-+
-+ php_filter_encode_html(value, enc);
- }
- }
- /* }}} */
Deleted: data/patches/MOPB/MOPB-19-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-19-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-19-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,1127 +0,0 @@
-Index: php5-5.2.0/ext/filter/logical_filters.c
-===================================================================
---- php5-5.2.0.orig/ext/filter/logical_filters.c 2007-04-23 20:22:47.000000000 +0200
-+++ php5-5.2.0/ext/filter/logical_filters.c 2007-04-23 20:22:47.000000000 +0200
-@@ -17,21 +17,33 @@
- +----------------------------------------------------------------------+
- */
-
--/* $Id: logical_filters.c,v 1.1.2.11 2006/10/17 15:26:14 iliaa Exp $ */
-+/* $Id: logical_filters.c,v 1.1.2.18 2006/12/26 09:16:24 dmitry Exp $ */
-
- #include "php_filter.h"
- #include "filter_private.h"
- #include "ext/standard/url.h"
- #include "ext/pcre/php_pcre.h"
-
-+#include "zend_multiply.h"
-+
-+#if HAVE_ARPA_INET_H
-+# include <arpa/inet.h>
-+#endif
-+
-+#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))
-+
-+#ifndef INADDR_NONE
-+# define INADDR_NONE ((unsigned long int) -1)
-+#endif
-+
-+
- /* {{{ FETCH_LONG_OPTION(var_name, option_name) */
- #define FETCH_LONG_OPTION(var_name, option_name) \
- var_name = 0; \
- var_name##_set = 0; \
- if (option_array) { \
- if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \
-- convert_to_long(*option_val); \
-- var_name = Z_LVAL_PP(option_val); \
-+ PHP_FILTER_GET_LONG_OPT(option_val, var_name); \
- var_name##_set = 1; \
- } \
- }
-@@ -44,10 +56,11 @@
- var_name##_len = 0; \
- if (option_array) { \
- if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \
-- convert_to_string(*option_val); \
-- var_name = Z_STRVAL_PP(option_val); \
-- var_name##_set = 1; \
-- var_name##_len = Z_STRLEN_PP(option_val); \
-+ if (Z_TYPE_PP(option_val) == IS_STRING) { \
-+ var_name = Z_STRVAL_PP(option_val); \
-+ var_name##_len = Z_STRLEN_PP(option_val); \
-+ var_name##_set = 1; \
-+ } \
- } \
- }
- /* }}} */
-@@ -55,24 +68,14 @@
- #define FORMAT_IPV4 4
- #define FORMAT_IPV6 6
-
--#define RETURN_VALIDATION_FAILED \
-- zval_dtor(value); \
-- if (flags & FILTER_NULL_ON_FAILURE) { \
-- ZVAL_NULL(value); \
-- } else { \
-- ZVAL_FALSE(value); \
-- } \
-- return; \
--
- static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
-- long ctx_value = 0;
-+ long ctx_value;
- long sign = 1;
-- int error = 0;
-- const char *end;
-+ const char *end = str + str_len;
-+ double dval;
-+ long overflow;
-
-- end = str + str_len;
--
-- switch(*str) {
-+ switch (*str) {
- case '-':
- sign = -1;
- case '+':
-@@ -82,88 +85,79 @@
- }
-
- /* must start with 1..9*/
-- if (*str >= '1' && *str <= '9') {
-- ctx_value += ((*str) - '0');
-- str++;
-+ if (str < end && *str >= '1' && *str <= '9') {
-+ ctx_value = ((*(str++)) - '0');
- } else {
- return -1;
- }
-
-- if (str_len == 1 ) {
-- *ret = ctx_value;
-- return 1;
-- }
--
-- while (*str) {
-+ while (str < end) {
- if (*str >= '0' && *str <= '9') {
-- ctx_value *= 10;
-- ctx_value += ((*str) - '0');
-- str++;
-+ ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value, dval, overflow);
-+ if (overflow) {
-+ return -1;
-+ }
-+ ctx_value += ((*(str++)) - '0');
-+ if (ctx_value & LONG_SIGN_MASK) {
-+ return -1;
-+ }
- } else {
-- error = 1;
-- break;
-+ return -1;
- }
- }
-
-- /* state "tail" */
-- if (!error && *str == '\0' && str == end) {
-- *ret = ctx_value * sign;
-- return 1;
-- } else {
-- return -1;
-- }
-+ *ret = ctx_value * sign;
-+ return 1;
- }
- /* }}} */
-
- static int php_filter_parse_octal(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
-- long ctx_value = 0;
-- int error = 0;
-+ unsigned long ctx_value = 0;
-+ const char *end = str + str_len;
-
-- while (*str) {
-+ while (str < end) {
- if (*str >= '0' && *str <= '7') {
-- ctx_value *= 8;
-- ctx_value += ((*str) - '0');
-- str++;
-+ unsigned long n = ((*(str++)) - '0');
-+
-+ if ((ctx_value > ((unsigned long)(~(long)0)) / 8) ||
-+ ((ctx_value = ctx_value * 8) > ((unsigned long)(~(long)0)) - n)) {
-+ return -1;
-+ }
-+ ctx_value += n;
- } else {
-- error = 1;
-- break;
-+ return -1;
- }
- }
-- if (!error && *str == '\0') {
-- *ret = ctx_value;
-- return 1;
-- } else {
-- return -1;
-- }
-+
-+ *ret = (long)ctx_value;
-+ return 1;
- }
- /* }}} */
-
- static int php_filter_parse_hex(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
-- long ctx_value = 0;
-- int error = 0;
-+ unsigned long ctx_value = 0;
-+ const char *end = str + str_len;
-+ unsigned long n;
-
-- while (*str) {
-- if ((*str >= '0' && *str <= '9') || (*str >= 'a' && *str <= 'f') || (*str >= 'A' && *str <= 'F')) {
-- ctx_value *= 16;
-- if (*str >= '0' && *str <= '9') {
-- ctx_value += ((*str) - '0');
-- } else if (*str >= 'a' && *str <= 'f') {
-- ctx_value += 10 + ((*str) - 'a');
-- } else if (*str >= 'A' && *str <= 'F') {
-- ctx_value += 10 + ((*str) - 'A');
-- }
-- str++;
-+ while (str < end) {
-+ if (*str >= '0' && *str <= '9') {
-+ n = ((*(str++)) - '0');
-+ } else if (*str >= 'a' && *str <= 'f') {
-+ n = ((*(str++)) - ('a' - 10));
-+ } else if (*str >= 'A' && *str <= 'F') {
-+ n = ((*(str++)) - ('A' - 10));
- } else {
-- error = 1;
-- break;
-+ return -1;
- }
-+ if ((ctx_value > ((unsigned long)(~(long)0)) / 16) ||
-+ ((ctx_value = ctx_value * 16) > ((unsigned long)(~(long)0)) - n)) {
-+ return -1;
-+ }
-+ ctx_value += n;
- }
-- if (!error && *str == '\0') {
-- *ret = ctx_value;
-- return 1;
-- } else {
-- return -1;
-- }
-+
-+ *ret = (long)ctx_value;
-+ return 1;
- }
- /* }}} */
-
-@@ -175,7 +169,7 @@
- int allow_octal = 0, allow_hex = 0;
- int len, error = 0;
- long ctx_value;
-- char *p, *start, *end;
-+ char *p;
-
- /* Parse options */
- FETCH_LONG_OPTION(min_range, "min_range");
-@@ -200,12 +194,12 @@
- p = Z_STRVAL_P(value);
- ctx_value = 0;
-
-- PHP_FILTER_TRIM_DEFAULT(p, len, end);
-+ PHP_FILTER_TRIM_DEFAULT(p, len);
-
- if (*p == '0') {
-- p++;
-+ p++; len--;
- if (allow_hex && (*p == 'x' || *p == 'X')) {
-- p++;
-+ p++; len--;
- if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
- error = 1;
- }
-@@ -213,7 +207,7 @@
- if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
- error = 1;
- }
-- } else if (len != 1) {
-+ } else if (len != 0) {
- error = 1;
- }
- } else {
-@@ -236,34 +230,65 @@
- void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- char *str = Z_STRVAL_P(value);
-- char *start, *end;
- int len = Z_STRLEN_P(value);
-+ int ret;
-
-- if (len>0) {
-- PHP_FILTER_TRIM_DEFAULT(str, len, end);
-- } else {
-- RETURN_VALIDATION_FAILED
-- }
-+ PHP_FILTER_TRIM_DEFAULT(str, len);
-
- /* returns true for "1", "true", "on" and "yes"
- * returns false for "0", "false", "off", "no", and ""
- * null otherwise. */
-- if ((strncasecmp(str, "true", sizeof("true")) == 0) ||
-- (strncasecmp(str, "yes", sizeof("yes")) == 0) ||
-- (strncasecmp(str, "on", sizeof("on")) == 0) ||
-- (strncmp(str, "1", sizeof("1")) == 0))
-- {
-- zval_dtor(value);
-- ZVAL_BOOL(value, 1);
-- } else if ((strncasecmp(str, "false", sizeof("false")) == 0) ||
-- (strncasecmp(str, "no", sizeof("no")) == 0) ||
-- (strncasecmp(str, "off", sizeof("off")) == 0) ||
-- (strncmp(str, "0", sizeof("0")) == 0))
-- {
-- zval_dtor(value);
-- ZVAL_BOOL(value, 0);
-- } else {
-+ switch (len) {
-+ case 1:
-+ if (*str == '1') {
-+ ret = 1;
-+ } else if (*str == '0') {
-+ ret = 0;
-+ } else {
-+ ret = -1;
-+ }
-+ break;
-+ case 2:
-+ if (strncasecmp(str, "on", 2) == 0) {
-+ ret = 1;
-+ } else if (strncasecmp(str, "no", 2) == 0) {
-+ ret = 0;
-+ } else {
-+ ret = -1;
-+ }
-+ break;
-+ case 3:
-+ if (strncasecmp(str, "yes", 3) == 0) {
-+ ret = 1;
-+ } else if (strncasecmp(str, "off", 3) == 0) {
-+ ret = 0;
-+ } else {
-+ ret = -1;
-+ }
-+ break;
-+ case 4:
-+ if (strncasecmp(str, "true", 4) == 0) {
-+ ret = 1;
-+ } else {
-+ ret = -1;
-+ }
-+ break;
-+ case 5:
-+ if (strncasecmp(str, "false", 5) == 0) {
-+ ret = 0;
-+ } else {
-+ ret = -1;
-+ }
-+ break;
-+ default:
-+ ret = -1;
-+ }
-+
-+ if (ret == -1) {
- RETURN_VALIDATION_FAILED
-+ } else {
-+ zval_dtor(value);
-+ ZVAL_BOOL(value, ret);
- }
- }
- /* }}} */
-@@ -271,168 +296,102 @@
- void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- int len;
-- char *str, *start, *end;
-+ char *str, *end;
-+ char *num, *p;
-
- zval **option_val;
- char *decimal;
-- char dec_sep = '\0';
--
-- const char default_decimal[] = ".";
- int decimal_set, decimal_len;
--
-+ char dec_sep = '.';
- char tsd_sep[3] = "',.";
-
-- long options_flag;
-- int options_flag_set;
--
-- int sign = 1;
-+ long lval;
-+ double dval;
-
-- double ret_val = 0;
-- double factor;
--
-- int exp_value = 0, exp_multiply = 1;
-+ int first, n;
-
- len = Z_STRLEN_P(value);
--
-- if (len < 1) {
-- RETURN_VALIDATION_FAILED
-- }
--
- str = Z_STRVAL_P(value);
-- start = str;
-
-- if (len == 1) {
-- if (*str >= '0' && *str <= '9') {
-- ret_val = (double)*str - '0';
-- } else if (*str == 'E' || *str == 'e') {
-- ret_val = 0;
-- }
-- zval_dtor(value);
-- Z_TYPE_P(value) = IS_DOUBLE;
-- Z_DVAL_P(value) = ret_val;
-- return;
-- }
-+ PHP_FILTER_TRIM_DEFAULT(str, len);
-+ end = str + len;
-
- FETCH_STRING_OPTION(decimal, "decimal");
-- FETCH_LONG_OPTION(options_flag, "flags");
-
- if (decimal_set) {
-- if (decimal_len > 1) {
-+ if (decimal_len != 1) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "decimal separator must be one char");
-+ RETURN_VALIDATION_FAILED
- } else {
- dec_sep = *decimal;
- }
-- } else {
-- dec_sep = *default_decimal;
-- }
--
-- PHP_FILTER_TRIM_DEFAULT(str, len, end);
--
-- if (*str == '-') {
-- sign = -1;
-- str++;
-- start = str;
-- } else if (*str == '+') {
-- sign = 1;
-- str++;
-- start = str;
-- }
--
-- ret_val = 0.0;
--
-- while (*str == '0') {
-- str++;
-- }
--
-- if (*str == dec_sep) {
-- str++;
-- goto stateDot;
-- }
--
-- ret_val = 0;
--
-- if (str != start) {
-- str--;
-- }
--
-- while (*str && *str != dec_sep) {
-- if ((options_flag & FILTER_FLAG_ALLOW_THOUSAND) && (*str == tsd_sep[0] || *str == tsd_sep[1] || *str == tsd_sep[2])) {
-- str++;
-- continue;
-- }
--
-- if (*str == 'e' || *str == 'E') {
-- goto stateExp;
-- }
--
-- if (*str < '0' || *str > '9') {
-- goto stateError;
-- }
--
-- ret_val *=10; ret_val += (*str - '0');
-- str++;
-- }
-- if (!(*str)) {
-- goto stateT;
- }
-- str++;
-
--stateDot:
-- factor = 0.1;
-- while (*str) {
-- if (*str == 'e' || *str == 'E') {
-- goto stateExp;
-+ num = p = emalloc(len+1);
-+ if (str < end && (*str == '+' || *str == '-')) {
-+ *p++ = *str++;
-+ }
-+ first = 1;
-+ while (1) {
-+ n = 0;
-+ while (str < end && *str >= '0' && *str <= '9') {
-+ ++n;
-+ *p++ = *str++;
-+ }
-+ if (str == end || *str == dec_sep || *str == 'e' || *str == 'E') {
-+ if (!first && n != 3) {
-+ goto error;
-+ }
-+ if (*str == dec_sep) {
-+ *p++ = '.';
-+ str++;
-+ while (str < end && *str >= '0' && *str <= '9') {
-+ *p++ = *str++;
-+ }
-+ }
-+ if (*str == 'e' || *str == 'E') {
-+ *p++ = *str++;
-+ if (str < end && (*str == '+' || *str == '-')) {
-+ *p++ = *str++;
-+ }
-+ while (str < end && *str >= '0' && *str <= '9') {
-+ *p++ = *str++;
-+ }
-+ }
-+ break;
- }
--
-- if (*str < '0' || *str > '9') {
-- goto stateError;
-+ if ((flags & FILTER_FLAG_ALLOW_THOUSAND) && (*str == tsd_sep[0] || *str == tsd_sep[1] || *str == tsd_sep[2])) {
-+ if (first?(n < 1 || n > 3):(n != 3)) {
-+ goto error;
-+ }
-+ first = 0;
-+ str++;
-+ } else {
-+ goto error;
- }
--
-- ret_val += factor * (*str - '0');
-- factor /= 10;
-- str++;
- }
-- if (!(*str)) {
-- goto stateT;
-+ if (str != end) {
-+ goto error;
- }
-+ *p = 0;
-
--stateExp:
-- str++;
-- switch (*str) {
-- case '-':
-- exp_multiply = -1;
-- str++;
-+ switch (is_numeric_string(num, p - num, &lval, &dval, 0)) {
-+ case IS_LONG:
-+ zval_dtor(value);
-+ Z_TYPE_P(value) = IS_DOUBLE;
-+ Z_DVAL_P(value) = lval;
- break;
-- case '+':
-- exp_multiply = 1;
-- str++;
-- }
--
-- while (*str) {
-- if (*str < '0' || *str > '9') {
-- goto stateError;
-- }
-- exp_value *= 10;
-- exp_value += ((*str) - '0');
-- str++;
-- }
--
--stateT:
-- if ((str -1) != end) {
-- goto stateError;
-- }
-- if (exp_value) {
-- exp_value *= exp_multiply;
-- ret_val *= pow(10, exp_value);
-+ case IS_DOUBLE:
-+ zval_dtor(value);
-+ Z_TYPE_P(value) = IS_DOUBLE;
-+ Z_DVAL_P(value) = dval;
-+ break;
-+ default:
-+error:
-+ efree(num);
-+ RETURN_VALIDATION_FAILED
- }
--
-- zval_dtor(value);
-- Z_TYPE_P(value) = IS_DOUBLE;
-- Z_DVAL_P(value) = sign * ret_val;
-- return;
--
--stateError:
-- RETURN_VALIDATION_FAILED
-+ efree(num);
- }
- /* }}} */
-
-@@ -476,6 +435,13 @@
- void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- php_url *url;
-+ int old_len = Z_STRLEN_P(value);
-+
-+ php_filter_url(value, flags, option_array, charset TSRMLS_CC);
-+
-+ if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
-+ RETURN_VALIDATION_FAILED
-+ }
-
- /* Use parse_url - if it returns false, we return NULL */
- url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
-@@ -485,10 +451,10 @@
- }
-
- if (
-- ((flags & FILTER_FLAG_SCHEME_REQUIRED) && url->scheme == NULL) ||
-- ((flags & FILTER_FLAG_HOST_REQUIRED) && url->host == NULL) ||
-- ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) ||
-- ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
-+ url->scheme == NULL ||
-+ /* some schemas allow the host to be empty */
-+ (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
-+ ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
- ) {
- php_url_free(url);
- RETURN_VALIDATION_FAILED
-@@ -500,7 +466,7 @@
- void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- /* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
-- const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
-+ const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
-
- pcre *re = NULL;
- pcre_extra *pcre_extra = NULL;
-@@ -523,220 +489,97 @@
- }
- /* }}} */
-
--static int _php_filter_validate_ipv4_count_dots(char *str) /* {{{ */
--{
-- char *s1, *s2, *s3, *s4;
--
-- s1 = strchr(str, '.');
-- if (!s1)
-- return 0;
-- s2 = strchr(s1 + 1, '.');
-- if (!s2)
-- return 1;
-- s3 = strchr(s2 + 1, '.');
-- if (!s3)
-- return 2;
-- s4 = strchr(s3 + 1, '.');
-- if (!s4)
-- return 3;
-- return 4; /* too many */
--}
--/* }}} */
--
--static int _php_filter_validate_ipv4_get_nr(char **str) /* {{{ */
--{
-- char *begin, *end, *ptr, *tmp_str;
-- int tmp_nr = -1;
--
-- begin = ptr = *str;
-- while ((*ptr >= '0') && (*ptr <= '9')) {
-- ++ptr;
-- }
-- end = ptr;
-- *str = end + 1;
--
-- if (end == begin) {
-- return -1;
-- }
--
-- tmp_str = calloc(1, end - begin + 1);
-- memcpy(tmp_str, begin, end - begin);
-- tmp_nr = strtol(tmp_str, NULL, 10);
-- free(tmp_str);
--
-- if (tmp_nr < 0 || tmp_nr > 255) {
-- tmp_nr = -1;
-- }
-- return tmp_nr;
--}
--/* }}} */
--
--static int _php_filter_validate_ipv4(char *str, int *ip TSRMLS_DC) /* {{{ */
-+static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */
- {
-- char *p;
-- int x;
-+ const char *end = str + str_len;
-+ int num, m;
-+ int n = 0;
-
-- if (_php_filter_validate_ipv4_count_dots(str) != 3) {
-- return 0;
-- }
--
-- p = str;
-- for (x = 0; x < 4; ++x) {
-- ip[x] = _php_filter_validate_ipv4_get_nr(&p);
-- if (ip[x] == -1) {
-+ while (str < end) {
-+ if (*str < '0' || *str > '9') {
-+ return 0;
-+ }
-+ m = 1;
-+ num = ((*(str++)) - '0');
-+ while (str < end && (*str >= '0' && *str <= '9')) {
-+ num = num * 10 + ((*(str++)) - '0');
-+ if (num > 255 || ++m > 3) {
-+ return 0;
-+ }
-+ }
-+ ip[n++] = num;
-+ if (n == 4) {
-+ return str == end;
-+ } else if (str >= end || *(str++) != '.') {
- return 0;
- }
- }
-- return 1;
-+ return 0;
- }
- /* }}} */
-
--#define IS_HEX(s) if (!((s >= '0' && s <= '9') || (s >= 'a' && s <= 'f') ||(s >= 'A' && s <= 'F'))) { \
-- return 0; \
--}
--
--#define IPV6_LOOP_IN(str) \
-- if (*str == ':') { \
-- if (hexcode_found > 4) { \
-- return -134; \
-- } \
-- hexcode_found = 0; \
-- col_fnd++; \
-- } else { \
-- IS_HEX(*str); \
-- hexcode_found++; \
-- }
--
--static int _php_filter_validate_ipv6_(char *str TSRMLS_DC) /* {{{ */
-+static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */
- {
-- int hexcode_found = 0;
-- int compressed_2end = 0;
-- int col_fnd = 0;
-- char *start = str;
-- char *compressed = NULL, *t = str;
-- char *s2 = NULL, *ipv4=NULL;
-+ int compressed = 0;
-+ int blocks = 8;
-+ int n;
-+ char *ipv4;
-+ char *end;
- int ip4elm[4];
-
-- if (!strchr(str, ':')) {
-+ if (!memchr(str, ':', str_len)) {
- return 0;
- }
-
-- /* Check for compressed expression. only one is allowed */
-- compressed = strstr(str, "::");
-- if (compressed) {
-- s2 = strstr(compressed+1, "::");
-- if (s2) {
-- return 0;
-- }
-- }
--
- /* check for bundled IPv4 */
-- ipv4 = strchr(str, '.');
--
-+ ipv4 = memchr(str, '.', str_len);
- if (ipv4) {
-- while (*ipv4 != ':' && ipv4 >= start) {
-+ while (ipv4 > str && *(ipv4-1) != ':') {
- ipv4--;
- }
-
-- /* ::w.x.y.z */
-- if (compressed && ipv4 == (compressed + 1)) {
-- compressed_2end = 1;
-- }
-- ipv4++;
--
-- if (!_php_filter_validate_ipv4(ipv4, ip4elm TSRMLS_CC)) {
-+ if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) {
- return 0;
- }
--
-- if (compressed_2end) {
-- return 1;
-+ str_len = (ipv4 - str) - 1;
-+ if (str_len == 1) {
-+ return *str == ':';
- }
-+ blocks = 6;
- }
-
-- if (!compressed) {
-- char *end;
-- if (ipv4) {
-- end = ipv4 - 1;
-- } else {
-- end = str + strlen(start);
-- }
--
-- while (*str && str <= end) {
-- IPV6_LOOP_IN(str);
-- str++;
-- }
--
-- if (!ipv4) {
-- if (col_fnd != 7) {
-- return 0;
-- } else {
-- return 1;
-- }
-- } else {
-- if (col_fnd != 6) {
-- return -1230;
-- } else {
-- return 1;
-- }
-- }
-- } else {
-- if (!ipv4) {
-- t = compressed - 1;
-- while (t >= start) {
-- IPV6_LOOP_IN(t);
-- t--;
-- }
--
-- if (hexcode_found > 4) {
-- return 0;
-- }
--
-- t = compressed + 2;
-- hexcode_found = 0;
-- while (*t) {
-- IPV6_LOOP_IN(t);
-- t++;
-- }
--
-- if (hexcode_found > 4) {
-- return 0;
-- }
--
-- if (col_fnd > 6) {
-- return 0;
-- } else {
-- return 1;
-- }
-- } else {
-- /* ipv4 part always at the end */
-- t = ipv4 - 1;
-- while (t >= (compressed + 2)) {
-- IPV6_LOOP_IN(t);
-- t--;
-- }
--
-- if (hexcode_found > 4) {
-+ end = str + str_len;
-+ while (str < end) {
-+ if (*str == ':') {
-+ if (--blocks == 0) {
- return 0;
-- }
--
-- hexcode_found = 0;
-- t = compressed - 1;
-- while (t >= start) {
-- IPV6_LOOP_IN(t);
-- t--;
-- }
-- if (hexcode_found > 4) {
-+ }
-+ if (++str >= end) {
- return 0;
- }
--
-- if (col_fnd > 6) {
-- return 0;
-- } else {
-- return 1;
-- }
-+ if (*str == ':') {
-+ if (compressed || --blocks == 0) {
-+ return 0;
-+ }
-+ if (++str == end) {
-+ return 1;
-+ }
-+ compressed = 1;
-+ }
-+ }
-+ n = 0;
-+ while ((str < end) &&
-+ ((*str >= '0' && *str <= '9') ||
-+ (*str >= 'a' && *str <= 'f') ||
-+ (*str >= 'A' && *str <= 'F'))) {
-+ n++;
-+ str++;
-+ }
-+ if (n < 1 || n > 4) {
-+ return 0;
- }
- }
-- return 0;
-+ return (compressed || blocks == 1);
- }
- /* }}} */
-
-@@ -771,7 +614,7 @@
-
- switch (mode) {
- case FORMAT_IPV4:
-- if (!_php_filter_validate_ipv4(str, ip TSRMLS_CC)) {
-+ if (!_php_filter_validate_ipv4(str, Z_STRLEN_P(value), ip)) {
- RETURN_VALIDATION_FAILED
- }
-
-@@ -801,7 +644,7 @@
- case FORMAT_IPV6:
- {
- int res = 0;
-- res = _php_filter_validate_ipv6_(str TSRMLS_CC);
-+ res = _php_filter_validate_ipv6(str, Z_STRLEN_P(value) TSRMLS_CC);
- if (res < 1) {
- RETURN_VALIDATION_FAILED
- }
-Index: php5-5.2.0/ext/filter/filter_private.h
-===================================================================
---- php5-5.2.0.orig/ext/filter/filter_private.h 2006-10-17 17:26:14.000000000 +0200
-+++ php5-5.2.0/ext/filter/filter_private.h 2007-04-23 20:22:47.000000000 +0200
-@@ -81,27 +81,38 @@
-
- #define FILTER_CALLBACK 0x0400
-
--#define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \
-- while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \
-+#define RETURN_VALIDATION_FAILED \
-+ zval_dtor(value); \
-+ if (flags & FILTER_NULL_ON_FAILURE) { \
-+ ZVAL_NULL(value); \
-+ } else { \
-+ ZVAL_FALSE(value); \
-+ } \
-+ return; \
-+
-+#define PHP_FILTER_TRIM_DEFAULT(p, len) { \
-+ while ((len > 0) && (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n')) { \
- p++; \
- len--; \
- } \
-- start = p; \
-- end = p + len - 1; \
-- if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \
-- unsigned int i; \
-- for (i = len - 1; i >= 0; i--) { \
-- if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \
-- break; \
-- } \
-- } \
-- i++; \
-- p[i] = '\0'; \
-- end = p + i - 1; \
-- len = (int) (end - p) + 1; \
-+ if (len < 1) { \
-+ RETURN_VALIDATION_FAILED \
-+ } \
-+ while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \
-+ len--; \
- } \
- }
-
-+#define PHP_FILTER_GET_LONG_OPT(zv, opt) { \
-+ if (Z_TYPE_PP(zv) != IS_LONG) { \
-+ zval tmp = **zv; \
-+ zval_copy_ctor(&tmp); \
-+ convert_to_long(&tmp); \
-+ opt = Z_LVAL(tmp); \
-+ } else { \
-+ opt = Z_LVAL_PP(zv); \
-+ } \
-+}
-
- #endif /* FILTER_PRIVATE_H */
-
-Index: php5-5.2.0/ext/standard/php_string.h
-===================================================================
---- php5-5.2.0.orig/ext/standard/php_string.h 2007-04-23 20:46:25.000000000 +0200
-+++ php5-5.2.0/ext/standard/php_string.h 2007-04-23 20:49:04.000000000 +0200
-@@ -132,6 +132,7 @@
- int needle_len, char *str, int str_len, int *_new_length);
- PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC);
- PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len);
-+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces);
- PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count);
- PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result);
- PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);
-Index: php5-5.2.0/ext/standard/string.c
-===================================================================
---- php5-5.2.0.orig/ext/standard/string.c 2007-04-23 20:25:58.000000000 +0200
-+++ php5-5.2.0/ext/standard/string.c 2007-04-23 20:45:31.000000000 +0200
-@@ -1230,11 +1230,11 @@
- }
-
- len = cend - comp;
-- ret = emalloc(len + 1);
-- memcpy(ret, comp, len);
-- ret[len] = '\0';
-
- if (p_ret) {
-+ ret = emalloc(len + 1);
-+ memcpy(ret, comp, len);
-+ ret[len] = '\0';
- *p_ret = ret;
- }
- if (p_len) {
-@@ -1876,6 +1876,8 @@
-
- if (offset >= 0) {
- if (offset > haystack_len) {
-+ efree(needle_dup);
-+ efree(haystack_dup);
- php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the length of haystack string");
- RETURN_FALSE;
- }
-@@ -1883,6 +1885,8 @@
- e = haystack_dup + haystack_len - needle_len;
- } else {
- if (-offset > haystack_len) {
-+ efree(needle_dup);
-+ efree(haystack_dup);
- php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the length of haystack string");
- RETURN_FALSE;
- }
-@@ -3872,7 +3876,7 @@
- }
- convert_to_string_ex(str);
- buf = estrndup(Z_STRVAL_PP(str), Z_STRLEN_PP(str));
-- retval_len = php_strip_tags(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len);
-+ retval_len = php_strip_tags_ex(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len, 0);
- RETURN_STRINGL(buf, retval_len, 0);
- }
- /* }}} */
-@@ -4026,7 +4030,13 @@
- int php_tag_find(char *tag, int len, char *set) {
- char c, *n, *t;
- int state=0, done=0;
-- char *norm = emalloc(len+1);
-+ char *norm;
-+
-+ if (len <= 0) {
-+ return 0;
-+ }
-+
-+ norm = emalloc(len+1);
-
- n = norm;
- t = tag;
-@@ -4036,9 +4046,6 @@
- and turn any <a whatever...> into just <a> and any </tag>
- into <tag>
- */
-- if (!len) {
-- return 0;
-- }
- while (!done) {
- switch (c) {
- case '<':
-@@ -4076,6 +4083,11 @@
- }
- /* }}} */
-
-+PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
-+{
-+ return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
-+}
-+
- /* {{{ php_strip_tags
-
- A simple little state-machine to strip out html and php tags
-@@ -4096,10 +4108,10 @@
- swm: Added ability to strip <?xml tags without assuming it PHP
- code.
- */
--PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
-+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces)
- {
- char *tbuf, *buf, *p, *tp, *rp, c, lc;
-- int br, i=0, depth=0;
-+ int br, i=0, depth=0, in_q = 0;
- int state = 0;
-
- if (stateptr)
-@@ -4124,7 +4136,7 @@
- case '\0':
- break;
- case '<':
-- if (isspace(*(p + 1))) {
-+ if (isspace(*(p + 1)) && !allow_tag_spaces) {
- goto reg_char;
- }
- if (state == 0) {
-@@ -4133,7 +4145,7 @@
- if (allow) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
- *(tp++) = '<';
-- }
-+ }
- } else if (state == 1) {
- depth++;
- }
-@@ -4172,7 +4184,11 @@
- depth--;
- break;
- }
--
-+
-+ if (in_q) {
-+ break;
-+ }
-+
- switch (state) {
- case 1: /* HTML/XML */
- lc = '>';
-@@ -4228,6 +4244,9 @@
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
- *(tp++) = c;
- }
-+ if (p != buf && *(p-1) != '\\') {
-+ in_q = !in_q;
-+ }
- break;
-
- case '!':
Deleted: data/patches/MOPB/MOPB-22-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-22-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-22-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,19 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.31&r2=1.417.2.8.2.32&pathrev=PHP_5_2&view=patch
---- php-src/ext/session/session.c 2007/03/03 15:07:31 1.417.2.8.2.31
-+++ php-src/ext/session/session.c 2007/03/14 19:37:07 1.417.2.8.2.32
-@@ -846,6 +846,7 @@
- } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
- PS(invalid_session_id) = 0;
- efree(PS(id));
-+ PS(id) = NULL;
- goto new_session;
- }
- }
-@@ -1575,6 +1576,7 @@
- RETURN_FALSE;
- }
- efree(PS(id));
-+ PS(id) = NULL;
- }
-
- PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
Deleted: data/patches/MOPB/MOPB-24-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-24-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-24-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,61 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/standard/array.c?r1=1.308.2.21.2.24&r2=1.308.2.21.2.25&pathrev=PHP_5_2&view=patch
---- php-src/ext/standard/array.c 2007/03/04 17:21:16 1.308.2.21.2.24
-+++ php-src/ext/standard/array.c 2007/03/16 19:38:58 1.308.2.21.2.25
-@@ -703,40 +703,40 @@
- {
- Bucket *f;
- Bucket *s;
-- zval key1, key2;
-+ zval *key1, *key2;
- zval *args[2];
- zval retval;
- int status;
-
-- args[0] = &key1;
-- args[1] = &key2;
-- INIT_PZVAL(&key1);
-- INIT_PZVAL(&key2);
-+ ALLOC_INIT_ZVAL(key1);
-+ ALLOC_INIT_ZVAL(key2);
-+ args[0] = key1;
-+ args[1] = key2;
-
- f = *((Bucket **) a);
- s = *((Bucket **) b);
-
- if (f->nKeyLength) {
-- Z_STRVAL(key1) = estrndup(f->arKey, f->nKeyLength-1);
-- Z_STRLEN(key1) = f->nKeyLength-1;
-- Z_TYPE(key1) = IS_STRING;
-+ Z_STRVAL_P(key1) = estrndup(f->arKey, f->nKeyLength-1);
-+ Z_STRLEN_P(key1) = f->nKeyLength-1;
-+ Z_TYPE_P(key1) = IS_STRING;
- } else {
-- Z_LVAL(key1) = f->h;
-- Z_TYPE(key1) = IS_LONG;
-+ Z_LVAL_P(key1) = f->h;
-+ Z_TYPE_P(key1) = IS_LONG;
- }
- if (s->nKeyLength) {
-- Z_STRVAL(key2) = estrndup(s->arKey, s->nKeyLength-1);
-- Z_STRLEN(key2) = s->nKeyLength-1;
-- Z_TYPE(key2) = IS_STRING;
-+ Z_STRVAL_P(key2) = estrndup(s->arKey, s->nKeyLength-1);
-+ Z_STRLEN_P(key2) = s->nKeyLength-1;
-+ Z_TYPE_P(key2) = IS_STRING;
- } else {
-- Z_LVAL(key2) = s->h;
-- Z_TYPE(key2) = IS_LONG;
-+ Z_LVAL_P(key2) = s->h;
-+ Z_TYPE_P(key2) = IS_LONG;
- }
-
- status = call_user_function(EG(function_table), NULL, *BG(user_compare_func_name), &retval, 2, args TSRMLS_CC);
-
-- zval_dtor(&key1);
-- zval_dtor(&key2);
-+ zval_ptr_dtor(&key1);
-+ zval_ptr_dtor(&key2);
-
- if (status == SUCCESS) {
- convert_to_long(&retval);
Deleted: data/patches/MOPB/MOPB-26-php4.diff
===================================================================
--- data/patches/MOPB/MOPB-26-php4.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-26-php4.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,36 +0,0 @@
---- mbstring.c 2006/12/21 17:28:57 1.142.2.47.2.19
-+++ mbstring.c 2007/03/18 17:19:30 1.142.2.47.2.20
-@@ -17,7 +17,7 @@
- +----------------------------------------------------------------------+
- */
-
--/* $Id: mbstring.c,v 1.142.2.47.2.19 2006/12/21 17:28:57 masugata Exp $ */
-+/* $Id: mbstring.c,v 1.142.2.47.2.20 2007/03/18 17:19:30 iliaa Exp $ */
-
- /*
- * PHP4 Multibyte String module "mbstring"
-@@ -1954,9 +1954,9 @@
- string.no_encoding = from_encoding;
- old_rg = PG(register_globals);
- if (argc == 1) {
-- PG(register_globals) = 1;
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- } else {
-- PG(register_globals) = 0;
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- }
- n = 0;
- while (n < num) {
-@@ -1985,7 +1985,11 @@
- mbfl_string_clear(&resvar);
- mbfl_string_clear(&resval);
- }
-- PG(register_globals) = old_rg;
-+ if (old_rg) {
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
-+ } else {
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
-+ }
-
- if (convd != NULL) {
- MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
Deleted: data/patches/MOPB/MOPB-26-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-26-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-26-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,34 +0,0 @@
---- mb_gpc.c 2007/01/01 09:36:02 1.17.2.2.2.2
-+++ mb_gpc.c 2007/03/18 16:36:13 1.17.2.2.2.3
-@@ -17,7 +17,7 @@
- +----------------------------------------------------------------------+
- */
-
--/* $Id: mb_gpc.c,v 1.17.2.2.2.2 2007/01/01 09:36:02 sebastian Exp $ */
-+/* $Id: mb_gpc.c,v 1.17.2.2.2.3 2007/03/18 16:36:13 iliaa Exp $ */
-
- /* {{{ includes */
- #ifdef HAVE_CONFIG_H
-@@ -208,9 +208,8 @@
- /* register_globals stuff
- * XXX: this feature is going to be deprecated? */
-
-- if (info->force_register_globals) {
-- prev_rg_state = PG(register_globals);
-- PG(register_globals) = 1;
-+ if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- }
-
- if (!res || *res == '\0') {
-@@ -343,8 +342,8 @@
-
- out:
- /* register_global stuff */
-- if (info->force_register_globals) {
-- PG(register_globals) = prev_rg_state;
-+ if (info->force_register_globals && !prev_rg_state) {
-+ zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
- }
-
- if (convd != NULL) {
Deleted: data/patches/MOPB/MOPB-29-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-29-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-29-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,43 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.re?r1=1.52.2.2.2.1&r2=1.52.2.2.2.2&pathrev=PHP_5_2&view=patch
---- php-src/ext/standard/var_unserializer.re 2006/12/15 00:58:08 1.52.2.2.2.1
-+++ php-src/ext/standard/var_unserializer.re 2007/03/23 20:15:21 1.52.2.2.2.2
-@@ -138,12 +138,18 @@
-
- /* }}} */
-
--static char *unserialize_str(const unsigned char **p, int len)
-+static char *unserialize_str(const unsigned char **p, size_t *len)
- {
-- int i, j;
-- char *str = emalloc(len+1);
-+ size_t i, j;
-+ char *str = safe_emalloc(*len, 1, 1);
-+ unsigned char *end = *p+*len;
-
-- for (i = 0; i < len; i++) {
-+ if(end < *p) {
-+ efree(str);
-+ return NULL;
-+ }
-+
-+ for (i = 0; i < *len && *p < end; i++) {
- if (**p != '\\') {
- str[i] = (char)**p;
- } else {
-@@ -167,6 +173,7 @@
- (*p)++;
- }
- str[i] = 0;
-+ *len = i;
- return str;
- }
-
-@@ -518,7 +525,7 @@
- return 0;
- }
-
-- if ((str = unserialize_str(&YYCURSOR, len)) == NULL) {
-+ if ((str = unserialize_str(&YYCURSOR, &len)) == NULL) {
- return 0;
- }
-
Deleted: data/patches/MOPB/MOPB-30-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-30-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-30-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,37 +0,0 @@
---- old/ext/session/session.c 2006/12/04 15:58:48 1.417.2.8.2.20
-+++ new/ext/session/session.c 2006/12/26 16:53:47 1.417.2.8.2.22
-@@ -583,16 +598,20 @@
- zend_delete_global_variable("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")-1 TSRMLS_CC);
- zend_delete_global_variable("_SESSION", sizeof("_SESSION")-1 TSRMLS_CC);
-
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ }
-+
- MAKE_STD_ZVAL(session_vars);
- array_init(session_vars);
- PS(http_session_vars) = session_vars;
-
- if (PG(register_long_arrays)) {
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1);
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1);
- }
- else {
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 1, 0);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
- }
- }
-
-@@ -1828,6 +1847,10 @@
-
- static void php_rshutdown_session_globals(TSRMLS_D)
- {
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ PS(http_session_vars) = NULL;
-+ }
- if (PS(mod_data)) {
- zend_try {
- PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
Deleted: data/patches/MOPB/MOPB-32-php4.diff
===================================================================
--- data/patches/MOPB/MOPB-32-php4.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-32-php4.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,11 +0,0 @@
-diff -aur php-4.4.6/ext/session/session.c php-4.4.7RC1/ext/session/session.c
---- php-4.4.6/ext/session/session.c 2007-02-15 10:41:30.000000000 +0100
-+++ php-4.4.7RC1/ext/session/session.c 2007-04-04 21:52:26.000000000 +0200
-@@ -535,7 +535,6 @@
-
- if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
- if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
-- efree(name);
- goto skip;
- }
- }
Deleted: data/patches/MOPB/MOPB-34-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-34-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-34-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,28 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.87.2.1.2.4&r2=1.87.2.1.2.5&pathrev=PHP_5_2&view=patch
-# http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.224.2.22.2.21&r2=1.224.2.22.2.22&pathrev=PHP_5_2&view=patch
---- php-src/ext/standard/mail.c 2007/03/27 09:20:27 1.87.2.1.2.4
-+++ php-src/ext/standard/mail.c 2007/03/30 00:28:58 1.87.2.1.2.5
-@@ -48,8 +48,8 @@
-
- #define SKIP_LONG_HEADER_SEP(str, pos) \
- if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
-- pos += 3; \
-- while (str[pos] == ' ' || str[pos] == '\t') { \
-+ pos += 2; \
-+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
- pos++; \
- } \
- continue; \
---- php-src/ext/mbstring/mbstring.c 2007/02/24 02:17:24 1.224.2.22.2.21
-+++ php-src/ext/mbstring/mbstring.c 2007/04/04 15:25:41 1.224.2.22.2.22
-@@ -3301,8 +3301,8 @@
-
- #define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
- if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
-- pos += 3; \
-- while (str[pos] == ' ' || str[pos] == '\t') { \
-+ pos += 2; \
-+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
- pos++; \
- } \
- continue; \
Deleted: data/patches/MOPB/MOPB-35-php4.diff
===================================================================
--- data/patches/MOPB/MOPB-35-php4.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-35-php4.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,31 +0,0 @@
---- zip.c 2007/01/01 09:46:50 1.33.2.3.2.2
-+++ zip.c 2007/01/02 14:40:32 1.33.2.3.2.3
-@@ -16,7 +16,7 @@
- +----------------------------------------------------------------------+
- */
-
--/* $Id: zip.c,v 1.33.2.3.2.2 2007/01/01 09:46:50 sebastian Exp $ */
-+/* $Id: zip.c,v 1.33.2.3.2.3 2007/01/02 14:40:32 iliaa Exp $ */
-
- #ifdef HAVE_CONFIG_H
- #include "config.h"
-@@ -283,7 +283,7 @@
- }
- /* }}} */
-
--/* {{{ proto string zip_entry_read(resource zip_ent)
-+/* {{{ proto string zip_entry_read(resource zip_ent [, int nbytes])
- Read X bytes from an opened zip entry */
- PHP_FUNCTION(zip_entry_read)
- {
-@@ -295,6 +295,10 @@
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|l", &zzip_ent, &len) == FAILURE) {
- return;
-+ }
-+ if (len <= 0) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The bytes parameter must greater then zero");
-+ RETURN_FALSE;
- }
- ZEND_FETCH_RESOURCE(entry, php_zzip_dirent *, &zzip_ent, -1, le_zip_entry_name, le_zip_entry);
-
Deleted: data/patches/MOPB/MOPB-41-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-41-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-41-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,39 +0,0 @@
-diff -uNrp php5-5.2.1/ext/sqlite/sess_sqlite.c php5-5.2.1-kees/ext/sqlite/sess_sqlite.c
---- php5-5.2.1/ext/sqlite/sess_sqlite.c 2007-01-01 01:36:07.000000000 -0800
-+++ php5-5.2.1-kees/ext/sqlite/sess_sqlite.c 2007-04-18 17:05:57.000000000 -0700
-@@ -31,6 +31,11 @@
- extern int sqlite_encode_binary(const unsigned char *in, int n, unsigned char *out);
- extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
-
-+#define php_sqlite_decode_binary(in, out) ( \
-+ (!in || !*in) ? 0 : \
-+ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \
-+)
-+
- PS_FUNCS(sqlite);
-
- ps_module ps_mod_sqlite = {
-@@ -111,7 +116,7 @@ PS_READ_FUNC(sqlite)
- if (rowdata[0] != NULL) {
- *vallen = strlen(rowdata[0]);
- *val = emalloc(*vallen);
-- *vallen = sqlite_decode_binary(rowdata[0], *val);
-+ *vallen = php_sqlite_decode_binary(rowdata[0], *val);
- (*val)[*vallen] = '\0';
- }
- break;
-diff -uNrp php5-5.2.1/ext/sqlite/sqlite.c php5-5.2.1-kees/ext/sqlite/sqlite.c
---- php5-5.2.1/ext/sqlite/sqlite.c 2007-01-01 01:36:07.000000000 -0800
-+++ php5-5.2.1-kees/ext/sqlite/sqlite.c 2007-04-18 17:04:43.000000000 -0700
-@@ -73,7 +73,10 @@ extern int sqlite_encode_binary(const un
- extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
-
- #define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out)
--#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out)
-+#define php_sqlite_decode_binary(in, out) ( \
-+ (!in || !*in) ? 0 : \
-+ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \
-+)
-
- static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
-
Deleted: data/patches/MOPB/MOPB-42-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-42-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-42-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,13 +0,0 @@
-# http://cvs.php.net/viewvc.cgi/php-src/main/streams/filter.c?r1=1.17.2.3.2.4&r2=1.17.2.3.2.5&pathrev=PHP_5_2&view=patch
---- filter.c 2006/11/21 20:58:17 1.17.2.3.2.4
-+++ filter.c 2006/12/25 13:11:23 1.17.2.3.2.5
-@@ -265,7 +265,8 @@
- /* try a wildcard */
- char *wildname;
-
-- wildname = estrdup(filtername);
-+ wildname = emalloc(n+3);
-+ memcpy(wildname, filtername, n+1);
- period = wildname + (period - filtername);
- while (period && !filter) {
- *period = '\0';
Deleted: data/patches/MOPB/MOPB-44-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-44-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-44-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,91 +0,0 @@
---- old/Zend/zend_alloc.c 2006/12/20 10:49:32 1.144.2.3.2.27
-+++ new/Zend/zend_alloc.c 2006/12/25 12:16:33 1.144.2.3.2.28
-@@ -454,11 +454,11 @@
- #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
- #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
-
--#define ZEND_MM_MIN_SIZE (ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))
-+#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0)
-
- #define ZEND_MM_MAX_SMALL_SIZE (((ZEND_MM_NUM_BUCKETS-1)<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
-
--#define ZEND_MM_TRUE_SIZE(size) (((long)size<(long)ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
-+#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
-
- #define ZEND_MM_BUCKET_INDEX(true_size) ((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)+1)
-
-@@ -1332,6 +1332,9 @@
- zend_mm_free_block *p, *end, *best_fit = NULL;
- size_t true_size = ZEND_MM_TRUE_SIZE(size);
-
-+ if (true_size < size) {
-+ goto out_of_memory;
-+ }
- if (ZEND_MM_SMALL_SIZE(true_size)) {
- size_t index = ZEND_MM_BUCKET_INDEX(true_size);
- unsigned int bitmap;
-@@ -1422,7 +1425,7 @@
- size_t remaining_size;
- zend_mm_segment *segment;
-
-- if (true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE > heap->block_size) {
-+ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) {
- /* Make sure we add a memory block which is big enough,
- segment must have header "size" and trailer "guard" block */
- segment_size = true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE;
-@@ -1433,7 +1436,8 @@
-
- HANDLE_BLOCK_INTERRUPTIONS();
-
-- if (heap->real_size + segment_size > heap->limit) {
-+ if (segment_size < true_size ||
-+ heap->real_size + segment_size > heap->limit) {
- /* Memory limit overflow */
- #if ZEND_MM_CACHE
- zend_mm_free_cache(heap);
-@@ -1454,6 +1458,7 @@
- zend_mm_free_cache(heap);
- #endif
- HANDLE_UNBLOCK_INTERRUPTIONS();
-+out_of_memory:
- #if ZEND_DEBUG
- zend_mm_safe_error(heap, "Out of memory (allocated %d) at %s:%d (tried to allocate %d bytes)", heap->real_size, __zend_filename, __zend_lineno, size);
- #else
-@@ -1617,6 +1622,10 @@
- orig_size = ZEND_MM_BLOCK_SIZE(mm_block);
- ZEND_MM_CHECK_PROTECTION(mm_block);
-
-+ if (true_size < size) {
-+ goto out_of_memory;
-+ }
-+
- if (true_size <= orig_size) {
- size_t remaining_size = orig_size - true_size;
-
-@@ -1694,7 +1703,7 @@
- HANDLE_BLOCK_INTERRUPTIONS();
- realloc_segment:
- /* segment size, size of block and size of guard block */
-- if (true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE > heap->block_size) {
-+ if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) {
- segment_size = true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE;
- segment_size = ((segment_size + (heap->block_size-1)) / heap->block_size) * heap->block_size;
- } else {
-@@ -1702,7 +1711,8 @@
- }
-
- segment_copy = (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE);
-- if (heap->real_size + segment_size - segment_copy->size > heap->limit) {
-+ if (segment_size < true_size ||
-+ heap->real_size + segment_size - segment_copy->size > heap->limit) {
- #if ZEND_MM_CACHE
- zend_mm_free_cache(heap);
- #endif
-@@ -1721,6 +1731,7 @@
- zend_mm_free_cache(heap);
- #endif
- HANDLE_UNBLOCK_INTERRUPTIONS();
-+out_of_memory:
- #if ZEND_DEBUG
- zend_mm_safe_error(heap, "Out of memory (allocated %d) at %s:%d (tried to allocate %d bytes)", heap->real_size, __zend_filename, __zend_lineno, size);
- #else
Deleted: data/patches/MOPB/MOPB-45-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-45-php5.diff 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/MOPB-45-php5.diff 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,13 +0,0 @@
-Index: php5-5.2.0/ext/filter/logical_filters.c
-===================================================================
---- php5-5.2.0.orig/ext/filter/logical_filters.c 2006-10-17 17:26:14.000000000 +0200
-+++ php5-5.2.0/ext/filter/logical_filters.c 2007-04-23 23:10:52.000000000 +0200
-@@ -500,7 +500,7 @@
- void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- /* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
-- const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
-+ const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D";
-
- pcre *re = NULL;
- pcre_extra *pcre_extra = NULL;
Deleted: data/patches/MOPB/php4-etch/069-CVE-2007-0910-updated-for-MOPB-32.patch
===================================================================
--- data/patches/MOPB/php4-etch/069-CVE-2007-0910-updated-for-MOPB-32.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-etch/069-CVE-2007-0910-updated-for-MOPB-32.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,140 +0,0 @@
-
-Fix possible super-global clobbers; CVE-2007-0910
-
-Fix possible overflows and stack corruptions covered by CVE-2007-0906.
-
---- php-4.3.9/ext/session/session.c.cve0910
-+++ php-4.3.9/ext/session/session.c
-@@ -267,8 +267,12 @@
- {
- zval **sym_track = NULL;
-
-- zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
-- (void *) &sym_track);
-+ IF_SESSION_VARS() {
-+ zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
-+ (void *) &sym_track);
-+ } else {
-+ return;
-+ }
-
- /*
- * Set up a proper reference between $_SESSION["x"] and $x.
-@@ -277,9 +271,12 @@
- if (PG(register_globals)) {
- zval **sym_global = NULL;
-
-- zend_hash_find(&EG(symbol_table), name, namelen + 1,
-- (void *) &sym_global);
--
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
-+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
-+ return;
-+ }
-+ }
-+
- if (sym_global == NULL && sym_track == NULL) {
- zval *empty_var;
-
-@@ -309,7 +298,10 @@
- if (PG(register_globals)) {
- zval **old_symbol;
- if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
--
-+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
-+ return;
-+ }
-+
- /*
- * A global symbol with the same name exists already. That
- * symbol might have been created by other means (e.g. $_GET).
-@@ -418,13 +410,26 @@
- PHP_VAR_UNSERIALIZE_INIT(var_hash);
-
- for (p = val; p < endptr; ) {
-+ zval **tmp;
- namelen = *p & (~PS_BIN_UNDEF);
-+
-+ if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+ return FAILURE;
-+ }
-+
- has_value = *p & PS_BIN_UNDEF ? 0 : 1;
-
- name = estrndup(p + 1, namelen);
-
- p += namelen + 1;
--
-+
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
-+ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
-+ efree(name);
-+ continue;
-+ }
-+ }
-+
- if (has_value) {
- ALLOC_INIT_ZVAL(current);
- if (php_var_unserialize(¤t, (const unsigned char **)&p, endptr, &var_hash TSRMLS_CC)) {
-@@ -490,6 +495,7 @@
- p = val;
-
- while (p < endptr) {
-+ zval **tmp;
- q = p;
- while (*q != PS_DELIMITER)
- if (++q >= endptr) goto break_outer_loop;
-@@ -504,7 +510,14 @@
- namelen = q - p;
- name = estrndup(p, namelen);
- q++;
--
-+
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
-+ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
-+
-+ goto skip;
-+ }
-+ }
-+
- if (has_value) {
- ALLOC_INIT_ZVAL(current);
- if (php_var_unserialize(¤t, (const unsigned char **)&q, endptr, &var_hash TSRMLS_CC)) {
-@@ -513,6 +526,7 @@
- zval_ptr_dtor(¤t);
- }
- PS_ADD_VARL(name, namelen);
-+skip:
- efree(name);
-
- p = q;
-@@ -532,12 +547,16 @@
- zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"));
- zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION"));
-
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ }
-+
- MAKE_STD_ZVAL(session_vars);
- array_init(session_vars);
- PS(http_session_vars) = session_vars;
-
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1);
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1);
- }
-
- static char *php_session_encode(int *newlen TSRMLS_DC)
-@@ -1637,6 +1605,10 @@
-
- static void php_rshutdown_session_globals(TSRMLS_D)
- {
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ PS(http_session_vars) = NULL;
-+ }
- if (PS(mod_data)) {
- zend_try {
- PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
Deleted: data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
===================================================================
--- data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,11 +0,0 @@
---- php4-4.4.4/ext/session/session.c 2006/12/26 16:53:47 1.417.2.8.2.22
-+++ php4-4.4.4/ext/session/session.c 2006/12/31 22:25:55 1.417.2.8.2.23
-@@ -471,7 +471,7 @@
- zval **tmp;
- namelen = *p & (~PS_BIN_UNDEF);
-
-- if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+ if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
- return FAILURE;
- }
-
Deleted: data/patches/MOPB/php4-etch/072-CVE-2007-1718-MOPB-34.patch
===================================================================
--- data/patches/MOPB/php4-etch/072-CVE-2007-1718-MOPB-34.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-etch/072-CVE-2007-1718-MOPB-34.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,26 +0,0 @@
---- php4-4.4.4.orig/ext/mbstring/mbstring.c 2006-04-03 15:04:13.000000000 +0200
-+++ php4-4.4.4/ext/mbstring/mbstring.c 2007-04-19 22:16:46.000000000 +0200
-@@ -3499,8 +3499,8 @@
- #if HAVE_SENDMAIL
- #define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
- if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
-- pos += 3; \
-- while (str[pos] == ' ' || str[pos] == '\t') { \
-+ pos += 2; \
-+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
- pos++; \
- } \
- continue; \
---- php4-4.4.4.orig/ext/standard/mail.c 2006-01-01 14:46:57.000000000 +0100
-+++ php4-4.4.4/ext/standard/mail.c 2007-04-19 22:15:48.000000000 +0200
-@@ -48,8 +48,8 @@
-
- #define SKIP_LONG_HEADER_SEP(str, pos) \
- if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
-- pos += 3; \
-- while (str[pos] == ' ' || str[pos] == '\t') { \
-+ pos += 2; \
-+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
- pos++; \
- } \
- continue; \
Deleted: data/patches/MOPB/php4-etch/073-CVE-2007-1521-MOPB-22.patch
===================================================================
--- data/patches/MOPB/php4-etch/073-CVE-2007-1521-MOPB-22.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-etch/073-CVE-2007-1521-MOPB-22.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,23 +0,0 @@
-diff -aur php-4.4.6/ext/session/session.c php-4.4.7RC1/ext/session/session.c
---- php/ext/session/session.c 2007-02-15 10:41:30.000000000 +0100
-+++ php4-4.4.4/ext/session/session.c 2007-04-04 21:52:26.000000000 +0200
-@@ -1396,7 +1395,10 @@
- RETURN_FALSE;
- }
- if (PS(session_status) == php_session_active) {
-- if (PS(id)) efree(PS(id));
-+ if (PS(id)) {
-+ efree(PS(id));
-+ PS(id) = NULL;
-+ }
-
- PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
-
-@@ -1688,6 +1690,7 @@
- }
- if (PS(id)) {
- efree(PS(id));
-+ PS(id) = NULL;
- }
- PS(session_status)=php_session_none;
- }
Deleted: data/patches/MOPB/php4-etch/074-CVE-2007-1286-MOPB-04.patch
===================================================================
--- data/patches/MOPB/php4-etch/074-CVE-2007-1286-MOPB-04.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-etch/074-CVE-2007-1286-MOPB-04.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,24 +0,0 @@
---- php4/ext/standard/var_unserializer.c 2006/08/09 23:29:17 1.18.4.24.2.7
-+++ php4-4.4.4/ext/standard/var_unserializer.c 2006/10/27 08:35:25 1.18.4.24.2.8
-@@ -958,6 +958,10 @@
-
- if (*rval == *rval_ref) return 0;
-
-+ if ((*rval_ref)->refcount > 65500) {
-+ return 0;
-+ }
-+
- if (*rval != NULL) {
- zval_ptr_dtor(rval);
- }
-@@ -999,6 +1003,10 @@
-
- id = parse_iv(start + 2) - 1;
- if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
-+ return 0;
-+ }
-+
-+ if ((*rval_ref)->refcount > 65500) {
- return 0;
- }
-
Deleted: data/patches/MOPB/php4-sarge/CVE-2007-0910-updated-for-MOPB-32.patch
===================================================================
--- data/patches/MOPB/php4-sarge/CVE-2007-0910-updated-for-MOPB-32.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-sarge/CVE-2007-0910-updated-for-MOPB-32.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,151 +0,0 @@
-
-Fix possible super-global clobbers; CVE-2007-0910
-
-Fix possible overflows and stack corruptions covered by CVE-2007-0906.
-
-Fix double free introduced by former security fix, MOPB-32.
-
---- php-4.3.9/ext/session/session.c.cve0910
-+++ php-4.3.9/ext/session/session.c
-@@ -252,8 +249,12 @@
- {
- zval **sym_track = NULL;
-
-- zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
-- (void *) &sym_track);
-+ IF_SESSION_VARS() {
-+ zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1,
-+ (void *) &sym_track);
-+ } else {
-+ return;
-+ }
-
- /*
- * Set up a proper reference between $_SESSION["x"] and $x.
-@@ -262,9 +263,12 @@
- if (PG(register_globals)) {
- zval **sym_global = NULL;
-
-- zend_hash_find(&EG(symbol_table), name, namelen + 1,
-- (void *) &sym_global);
--
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
-+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
-+ return;
-+ }
-+ }
-+
- if (sym_global == NULL && sym_track == NULL) {
- zval *empty_var;
-
-@@ -294,7 +298,10 @@
- if (PG(register_globals)) {
- zval **old_symbol;
- if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
--
-+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
-+ return;
-+ }
-+
- /*
- * A global symbol with the same name exists already. That
- * symbol might have been created by other means (e.g. $_GET).
-@@ -403,13 +410,26 @@
- PHP_VAR_UNSERIALIZE_INIT(var_hash);
-
- for (p = val; p < endptr; ) {
-+ zval **tmp;
- namelen = *p & (~PS_BIN_UNDEF);
-+
-+ if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+ return FAILURE;
-+ }
-+
- has_value = *p & PS_BIN_UNDEF ? 0 : 1;
-
- name = estrndup(p + 1, namelen);
-
- p += namelen + 1;
--
-+
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
-+ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
-+ efree(name);
-+ continue;
-+ }
-+ }
-+
- if (has_value) {
- ALLOC_INIT_ZVAL(current);
- if (php_var_unserialize(¤t, (const unsigned char **)&p, endptr, &var_hash TSRMLS_CC)) {
-@@ -475,6 +495,7 @@
- p = val;
-
- while (p < endptr) {
-+ zval **tmp;
- q = p;
- while (*q != PS_DELIMITER)
- if (++q >= endptr) goto break_outer_loop;
-@@ -489,7 +510,14 @@
- namelen = q - p;
- name = estrndup(p, namelen);
- q++;
--
-+
-+ if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
-+ if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
-+
-+ goto skip;
-+ }
-+ }
-+
- if (has_value) {
- ALLOC_INIT_ZVAL(current);
- if (php_var_unserialize(¤t, (const unsigned char **)&q, endptr, &var_hash TSRMLS_CC)) {
-@@ -498,6 +526,7 @@
- zval_ptr_dtor(¤t);
- }
- PS_ADD_VARL(name, namelen);
-+skip:
- efree(name);
-
- p = q;
-@@ -517,12 +547,16 @@
- zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"));
- zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION"));
-
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ }
-+
- MAKE_STD_ZVAL(session_vars);
- array_init(session_vars);
- PS(http_session_vars) = session_vars;
-
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1);
-- ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1);
-+ ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1);
- }
-
- static char *php_session_encode(int *newlen TSRMLS_DC)
-@@ -1612,6 +1605,10 @@
-
- static void php_rshutdown_session_globals(TSRMLS_D)
- {
-+ if (PS(http_session_vars)) {
-+ zval_ptr_dtor(&PS(http_session_vars));
-+ PS(http_session_vars) = NULL;
-+ }
- if (PS(mod_data)) {
- PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
- }
-
-
-
-
-
-
-
-
-
Deleted: data/patches/MOPB/php4-sarge/CVE-2007-1286-MOPB-04.patch
===================================================================
--- data/patches/MOPB/php4-sarge/CVE-2007-1286-MOPB-04.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-sarge/CVE-2007-1286-MOPB-04.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,24 +0,0 @@
---- php4/ext/standard/var_unserializer.c 2006/08/09 23:29:17 1.18.4.24.2.7
-+++ php4-4.3.10/ext/standard/var_unserializer.c 2006/10/27 08:35:25 1.18.4.24.2.8
-@@ -958,6 +958,10 @@
-
- if (*rval == *rval_ref) return 0;
-
-+ if ((*rval_ref)->refcount > 65500) {
-+ return 0;
-+ }
-+
- if (*rval != NULL) {
- zval_ptr_dtor(rval);
- }
-@@ -999,6 +1003,10 @@
-
- id = parse_iv(start + 2) - 1;
- if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
-+ return 0;
-+ }
-+
-+ if ((*rval_ref)->refcount > 65500) {
- return 0;
- }
-
Deleted: data/patches/MOPB/php4-sarge/CVE-2007-1380-MOPB-10.patch
===================================================================
--- data/patches/MOPB/php4-sarge/CVE-2007-1380-MOPB-10.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-sarge/CVE-2007-1380-MOPB-10.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,14 +0,0 @@
---- php4-4.3.10/ext/session/session.c 2006/12/26 16:53:47 1.417.2.8.2.22
-+++ php4-4.3.10/ext/session/session.c 2006/12/31 22:25:55 1.417.2.8.2.23
-@@ -471,6 +471,11 @@
- for (p = val; p < endptr; ) {
- zval **tmp;
- namelen = *p & (~PS_BIN_UNDEF);
-+
-+ if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+ return FAILURE;
-+ }
-+
- has_value = *p & PS_BIN_UNDEF ? 0 : 1;
-
- name = estrndup(p + 1, namelen);
Deleted: data/patches/MOPB/php4-sarge/CVE-2007-1521-MOPB-22.patch
===================================================================
--- data/patches/MOPB/php4-sarge/CVE-2007-1521-MOPB-22.patch 2011-01-18 02:17:33 UTC (rev 15915)
+++ data/patches/MOPB/php4-sarge/CVE-2007-1521-MOPB-22.patch 2011-01-18 02:17:42 UTC (rev 15916)
@@ -1,23 +0,0 @@
-diff -aur php-4.4.6/ext/session/session.c php-4.4.7RC1/ext/session/session.c
---- php/ext/session/session.c 2007-02-15 10:41:30.000000000 +0100
-+++ php4-4.3.10/ext/session/session.c 2007-04-04 21:52:26.000000000 +0200
-@@ -1396,7 +1395,10 @@
- RETURN_FALSE;
- }
- if (PS(session_status) == php_session_active) {
-- if (PS(id)) efree(PS(id));
-+ if (PS(id)) {
-+ efree(PS(id));
-+ PS(id) = NULL;
-+ }
-
- PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
-
-@@ -1688,6 +1690,7 @@
- }
- if (PS(id)) {
- efree(PS(id));
-+ PS(id) = NULL;
- }
- PS(session_status)=php_session_none;
- }
More information about the Secure-testing-commits
mailing list