[packages/php.git] / php-bug-36017-and-session-chars.patch

diff -urN php-4.4.2/ext/informix/ifx.ec php4-STABLE-200601181735/ext/informix/ifx.ec
--- php-4.4.2/ext/informix/ifx.ec	2006-01-01 14:46:53.000000000 +0100
+++ php4-STABLE-200601181735/ext/informix/ifx.ec	2006-01-13 16:35:54.000000000 +0100
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id$ */
+/* $Id$ */
 
 /* -------------------------------------------------------------------
  * if you want a function reference : "grep '^\*\*' ifx.ec" will give
@@ -3949,6 +3949,7 @@
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create char-resource");
 		return -1;
 	}
+	memset(Ifx_char, 0, sizeof(IFX_IDRES));
 
 	Ifx_char->type = TYPE_CHAR;
 
@@ -4233,6 +4234,7 @@
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
 		return -1;
 	}
+	memset(Ifx_slob, 0, sizeof(IFX_IDRES));
 
 	errcode = ifx_lo_def_create_spec(&(Ifx_slob->SLOB.createspec));
 	if (errcode < 0) {
@@ -4475,6 +4477,7 @@
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
 		return -1;
 	}
+	memset(Ifx_slob, 0, sizeof(IFX_IDRES));
 	
 	Ifx_slob->type = TYPE_SLOB;
 	Ifx_slob->SLOB.lofd = -1;
diff -urN php-4.4.2/ext/session/session.c php4-STABLE-200601181735/ext/session/session.c
--- php-4.4.2/ext/session/session.c	2006-01-01 14:46:56.000000000 +0100
+++ php4-STABLE-200601181735/ext/session/session.c	2006-01-15 18:34:53.000000000 +0100
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id$ */
+/* $Id$ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -626,6 +626,12 @@
 	char *val;
 	int vallen;
 
+	/* check session name for invalid characters */
+	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+		efree(PS(id));
+		PS(id) = NULL;
+	}
+
 	if (!PS(mod)) {
 		php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
 		return;
diff -urN php-4.4.2/ext/standard/http_fopen_wrapper.c php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c
--- php-4.4.2/ext/standard/http_fopen_wrapper.c	2006-01-01 14:46:57.000000000 +0100
+++ php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c	2006-01-16 00:37:42.000000000 +0100
@@ -18,7 +18,7 @@
    |          Wez Furlong <wez@thebrainroom.com>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id$ */ 
+/* $Id$ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -339,7 +339,7 @@
 		size_t tmp_line_len;
 		/* get response header */
 
-		if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
+		if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
 			zval *http_response;
 			int response_code;
 
@@ -394,7 +394,7 @@
 
 	while (!body && !php_stream_eof(stream)) {
 		size_t http_header_line_length;
-		if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length TSRMLS_CC) && *http_header_line != '\n' && *http_header_line != '\r') {
+		if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
 			char *e = http_header_line + http_header_line_length - 1;
 			while (*e == '\n' || *e == '\r') {
 				e--;
diff -urN php-4.4.2/NEWS php4-STABLE-200601181735/NEWS
--- php-4.4.2/NEWS	2006-01-12 18:54:19.000000000 +0100
+++ php4-STABLE-200601181735/NEWS	2006-01-16 00:37:37.000000000 +0100
@@ -1,5 +1,9 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? 2006, Version 4.4.3
+- Added a check for special characters in the session name. (Ilia)
+- Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
+
 13 Jan 2006, Version 4.4.2
 - Added missing safe_mode/open_basedir checks into cURL extension. (Ilia)
 - Backported missing imap_mailcompose() fixes from PHP 5.x. (Ilia)
diff -urN php-4.4.2/win32/wsyslog.c php4-STABLE-200601181735/win32/wsyslog.c
--- php-4.4.2/win32/wsyslog.c	2004-07-30 16:37:17.000000000 +0200
+++ php4-STABLE-200601181735/win32/wsyslog.c	2006-01-16 16:36:07.000000000 +0100
@@ -61,9 +61,14 @@
 void closelog(void)
 {
 	TSRMLS_FETCH();
-	DeregisterEventSource(PW32G(log_source));
-	STR_FREE(PW32G(log_header));
-	PW32G(log_header) = NULL;
+	if (PW32G(log_source)) {
+		DeregisterEventSource(PW32G(log_source));
+		PW32G(log_source) = NULL;
+	}
+	if (PW32G(log_header)) {
+		STR_FREE(PW32G(log_header));
+		PW32G(log_header) = NULL;
+	}
 }
 
 /* Emulator for BSD syslog() routine
diff -urN php-4.4.2/Zend/zend_language_scanner.c php4-STABLE-200601181735/Zend/zend_language_scanner.c
--- php-4.4.2/Zend/zend_language_scanner.c	2006-01-12 19:24:28.000000000 +0100
+++ php4-STABLE-200601181735/Zend/zend_language_scanner.c	2006-01-18 18:36:27.000000000 +0100
@@ -4755,7 +4755,6 @@
 {
 	int label_len;
 
-	CG(zend_lineno)++;
 	if (yytext[yyleng-2]=='\r') {
 		label_len = yyleng-2;
 	} else {
@@ -4776,6 +4775,7 @@
 		BEGIN(ST_IN_SCRIPTING);
 		return T_END_HEREDOC;
 	} else {
+		CG(zend_lineno)++;
  		zend_copy_value(zendlval, yytext, yyleng);
 		zendlval->type = IS_STRING;
 		return T_STRING;
Commit	Line	Data
d7c62969	1	diff -urN php-4.4.2/ext/informix/ifx.ec php4-STABLE-200601181735/ext/informix/ifx.ec
	2	--- php-4.4.2/ext/informix/ifx.ec 2006-01-01 14:46:53.000000000 +0100
	3	+++ php4-STABLE-200601181735/ext/informix/ifx.ec 2006-01-13 16:35:54.000000000 +0100
	4	@@ -21,7 +21,7 @@
	5	+----------------------------------------------------------------------+
	6	*/
	7
	8	-/* $Id$ */
	9	+/* $Id$ */
	10
	11	/* -------------------------------------------------------------------
	12	* if you want a function reference : "grep '^\\' ifx.ec" will give
	13	@@ -3949,6 +3949,7 @@
	14	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create char-resource");
	15	return -1;
	16	}
	17	+ memset(Ifx_char, 0, sizeof(IFX_IDRES));
	18
	19	Ifx_char->type = TYPE_CHAR;
	20
	21	@@ -4233,6 +4234,7 @@
	22	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
	23	return -1;
	24	}
	25	+ memset(Ifx_slob, 0, sizeof(IFX_IDRES));
	26
	27	errcode = ifx_lo_def_create_spec(&(Ifx_slob->SLOB.createspec));
	28	if (errcode < 0) {
	29	@@ -4475,6 +4477,7 @@
	30	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
	31	return -1;
	32	}
	33	+ memset(Ifx_slob, 0, sizeof(IFX_IDRES));
	34
	35	Ifx_slob->type = TYPE_SLOB;
	36	Ifx_slob->SLOB.lofd = -1;
	37	diff -urN php-4.4.2/ext/session/session.c php4-STABLE-200601181735/ext/session/session.c
	38	--- php-4.4.2/ext/session/session.c 2006-01-01 14:46:56.000000000 +0100
	39	+++ php4-STABLE-200601181735/ext/session/session.c 2006-01-15 18:34:53.000000000 +0100
	40	@@ -17,7 +17,7 @@
	41	+----------------------------------------------------------------------+
	42	*/
	43
	44	-/* $Id$ */
	45	+/* $Id$ */
	46
	47	#ifdef HAVE_CONFIG_H
	48	#include "config.h"
	49	@@ -626,6 +626,12 @@
	50	char *val;
	51	int vallen;
	52
	53	+ /* check session name for invalid characters */
	54	+ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
	55	+ efree(PS(id));
	56	+ PS(id) = NULL;
	57	+ }
	58	+
	59	if (!PS(mod)) {
	60	php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
	61	return;
	62	diff -urN php-4.4.2/ext/standard/http_fopen_wrapper.c php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c
	63	--- php-4.4.2/ext/standard/http_fopen_wrapper.c 2006-01-01 14:46:57.000000000 +0100
	64	+++ php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c 2006-01-16 00:37:42.000000000 +0100
65	@@ -18,7 +18,7 @@
66	\| Wez Furlong <wez@thebrainroom.com> \|
67	+----------------------------------------------------------------------+
68	*/
69	-/* $Id$ */
70	+/* $Id$ */
71
72	#include "php.h"
73	#include "php_globals.h"
74	@@ -339,7 +339,7 @@
75	size_t tmp_line_len;
76	/* get response header */
77
78	- if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
79	+ if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
80	zval *http_response;
81	int response_code;
82
83	@@ -394,7 +394,7 @@
84
85	while (!body && !php_stream_eof(stream)) {
86	size_t http_header_line_length;
87	- if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length TSRMLS_CC) && http_header_line != '\n' && http_header_line != '\r') {
88	+ if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && http_header_line != '\n' && http_header_line != '\r') {
89	char *e = http_header_line + http_header_line_length - 1;
90	while (e == '\n' \|\| e == '\r') {
91	e--;
92	diff -urN php-4.4.2/NEWS php4-STABLE-200601181735/NEWS
93	--- php-4.4.2/NEWS 2006-01-12 18:54:19.000000000 +0100
94	+++ php4-STABLE-200601181735/NEWS 2006-01-16 00:37:37.000000000 +0100
95	@@ -1,5 +1,9 @@
96	PHP 4 NEWS
97	\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|
98	+?? ??? 2006, Version 4.4.3
99	+- Added a check for special characters in the session name. (Ilia)
100	+- Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
101	+
102	13 Jan 2006, Version 4.4.2
103	- Added missing safe_mode/open_basedir checks into cURL extension. (Ilia)
104	- Backported missing imap_mailcompose() fixes from PHP 5.x. (Ilia)
105	diff -urN php-4.4.2/win32/wsyslog.c php4-STABLE-200601181735/win32/wsyslog.c
106	--- php-4.4.2/win32/wsyslog.c 2004-07-30 16:37:17.000000000 +0200
107	+++ php4-STABLE-200601181735/win32/wsyslog.c 2006-01-16 16:36:07.000000000 +0100
108	@@ -61,9 +61,14 @@
109	void closelog(void)
110	{
111	TSRMLS_FETCH();
112	- DeregisterEventSource(PW32G(log_source));
113	- STR_FREE(PW32G(log_header));
114	- PW32G(log_header) = NULL;
115	+ if (PW32G(log_source)) {
116	+ DeregisterEventSource(PW32G(log_source));
117	+ PW32G(log_source) = NULL;
118	+ }
119	+ if (PW32G(log_header)) {
120	+ STR_FREE(PW32G(log_header));
121	+ PW32G(log_header) = NULL;
122	+ }
123	}
124
125	/* Emulator for BSD syslog() routine
126	diff -urN php-4.4.2/Zend/zend_language_scanner.c php4-STABLE-200601181735/Zend/zend_language_scanner.c
127	--- php-4.4.2/Zend/zend_language_scanner.c 2006-01-12 19:24:28.000000000 +0100
128	+++ php4-STABLE-200601181735/Zend/zend_language_scanner.c 2006-01-18 18:36:27.000000000 +0100
129	@@ -4755,7 +4755,6 @@
130	{
131	int label_len;
132
133	- CG(zend_lineno)++;
134	if (yytext[yyleng-2]=='\r') {
135	label_len = yyleng-2;
136	} else {
137	@@ -4776,6 +4775,7 @@
138	BEGIN(ST_IN_SCRIPTING);
139	return T_END_HEREDOC;
140	} else {
141	+ CG(zend_lineno)++;
142	zend_copy_value(zendlval, yytext, yyleng);
143	zendlval->type = IS_STRING;
144	return T_STRING;
145