Commit d4d61a2b authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 5.4.3

parent 9e8bb702
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
03 Mar 2012, PHP 5.4.2
08 May 2012, PHP 5.4.3
- CGI
. Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
(Stas)
. Fix bug #61807 - Buffer Overflow in apache_request_headers.
(nyt-php at countercultured dot net).
03 May 2012, PHP 5.4.2
- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
......
This diff is collapsed.
/* A Bison parser, made by GNU Bison 2.5. */
/* A Bison parser, made by GNU Bison 2.3. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
......@@ -26,11 +29,10 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
......@@ -74,11 +76,10 @@
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef int YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
#endif
Terminals unused in grammar
Terminals which are not used
':'
','
'.'
'\''
'''
'^'
'+'
'-'
......@@ -90,7 +90,7 @@ $end (0) 0
'$' (36)
'%' (37)
'&' (38) 33
'\'' (39)
''' (39)
'(' (40) 36
')' (41) 36
'*' (42)
......
This diff is collapsed.
/* A Bison parser, made by GNU Bison 2.5. */
/* A Bison parser, made by GNU Bison 2.3. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
......@@ -26,11 +29,10 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
......@@ -302,11 +304,10 @@
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef int YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
#endif
This diff is collapsed.
This diff is collapsed.
......@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=4
PHP_RELEASE_VERSION=2
PHP_RELEASE_VERSION=3
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
......
makefile_am_files = Zend/Makefile.am TSRM/Makefile.am
config_m4_files = Zend/Zend.m4 TSRM/tsrm.m4 TSRM/threads.m4 Zend/acinclude.m4 ext/bcmath/config.m4 ext/bz2/config.m4 ext/calendar/config.m4 ext/ctype/config.m4 ext/curl/config.m4 ext/date/config0.m4 ext/dba/config.m4 ext/dom/config.m4 ext/enchant/config.m4 ext/ereg/config0.m4 ext/exif/config.m4 ext/fileinfo/config.m4 ext/filter/config.m4 ext/ftp/config.m4 ext/gd/config.m4 ext/gettext/config.m4 ext/gmp/config.m4 ext/hash/config.m4 ext/iconv/config.m4 ext/imap/config.m4 ext/interbase/config.m4 ext/intl/config.m4 ext/json/config.m4 ext/ldap/config.m4 ext/libxml/config0.m4 ext/mbstring/config.m4 ext/mcrypt/config.m4 ext/mssql/config.m4 ext/mysql/config.m4 ext/mysqli/config.m4 ext/mysqlnd/config9.m4 ext/oci8/config.m4 ext/odbc/config.m4 ext/openssl/config0.m4 ext/pcntl/config.m4 ext/pcre/config0.m4 ext/pdo/config.m4 ext/pdo_dblib/config.m4 ext/pdo_firebird/config.m4 ext/pdo_mysql/config.m4 ext/pdo_oci/config.m4 ext/pdo_odbc/config.m4 ext/pdo_pgsql/config.m4 ext/pdo_sqlite/config.m4 ext/pgsql/config.m4 ext/phar/config.m4 ext/posix/config.m4 ext/pspell/config.m4 ext/readline/config.m4 ext/recode/config9.m4 ext/recode/config.m4 ext/reflection/config.m4 ext/session/config.m4 ext/shmop/config.m4 ext/simplexml/config.m4 ext/snmp/config.m4 ext/soap/config.m4 ext/sockets/config.m4 ext/spl/config.m4 ext/sqlite3/config0.m4 ext/standard/config.m4 ext/sybase_ct/config.m4 ext/sysvmsg/config.m4 ext/sysvsem/config.m4 ext/sysvshm/config.m4 ext/tidy/config.m4 ext/tokenizer/config.m4 ext/wddx/config.m4 ext/xml/config.m4 ext/xmlreader/config.m4 ext/xmlrpc/config.m4 ext/xmlwriter/config.m4 ext/xsl/config.m4 ext/zip/config.m4 ext/zlib/config0.m4 sapi/aolserver/config.m4 sapi/apache2filter/config.m4 sapi/apache2handler/config.m4 sapi/apache/config.m4 sapi/apache_hooks/config.m4 sapi/caudium/config.m4 sapi/cli/config.m4 sapi/continuity/config.m4 sapi/embed/config.m4 sapi/fpm/config.m4 sapi/isapi/config.m4 sapi/litespeed/config.m4 sapi/milter/config.m4 sapi/nsapi/config.m4 sapi/phttpd/config.m4 sapi/pi3web/config.m4 sapi/roxen/config.m4 sapi/thttpd/config.m4 sapi/tux/config.m4 sapi/webjames/config.m4
config_m4_files = Zend/Zend.m4 TSRM/tsrm.m4 TSRM/threads.m4 Zend/acinclude.m4 ext/bcmath/config.m4 ext/bz2/config.m4 ext/calendar/config.m4 ext/ctype/config.m4 ext/curl/config.m4 ext/date/config0.m4 ext/dba/config.m4 ext/dom/config.m4 ext/enchant/config.m4 ext/ereg/config0.m4 ext/exif/config.m4 ext/fileinfo/config.m4 ext/filter/config.m4 ext/ftp/config.m4 ext/gd/config.m4 ext/gettext/config.m4 ext/gmp/config.m4 ext/hash/config.m4 ext/iconv/config.m4 ext/imap/config.m4 ext/interbase/config.m4 ext/intl/config.m4 ext/json/config.m4 ext/ldap/config.m4 ext/libxml/config0.m4 ext/mbstring/config.m4 ext/mcrypt/config.m4 ext/mssql/config.m4 ext/mysql/config.m4 ext/mysqli/config.m4 ext/mysqlnd/config9.m4 ext/oci8/config.m4 ext/odbc/config.m4 ext/openssl/config0.m4 ext/pcntl/config.m4 ext/pcre/config0.m4 ext/pdo/config.m4 ext/pdo_dblib/config.m4 ext/pdo_firebird/config.m4 ext/pdo_mysql/config.m4 ext/pdo_oci/config.m4 ext/pdo_odbc/config.m4 ext/pdo_pgsql/config.m4 ext/pdo_sqlite/config.m4 ext/pgsql/config.m4 ext/phar/config.m4 ext/posix/config.m4 ext/pspell/config.m4 ext/readline/config.m4 ext/recode/config.m4 ext/recode/config9.m4 ext/reflection/config.m4 ext/session/config.m4 ext/shmop/config.m4 ext/simplexml/config.m4 ext/snmp/config.m4 ext/soap/config.m4 ext/sockets/config.m4 ext/spl/config.m4 ext/sqlite3/config0.m4 ext/standard/config.m4 ext/sybase_ct/config.m4 ext/sysvmsg/config.m4 ext/sysvsem/config.m4 ext/sysvshm/config.m4 ext/tidy/config.m4 ext/tokenizer/config.m4 ext/wddx/config.m4 ext/xml/config.m4 ext/xmlreader/config.m4 ext/xmlrpc/config.m4 ext/xmlwriter/config.m4 ext/xsl/config.m4 ext/zip/config.m4 ext/zlib/config0.m4 sapi/aolserver/config.m4 sapi/apache/config.m4 sapi/apache2filter/config.m4 sapi/apache2handler/config.m4 sapi/apache_hooks/config.m4 sapi/caudium/config.m4 sapi/cli/config.m4 sapi/continuity/config.m4 sapi/embed/config.m4 sapi/fpm/config.m4 sapi/isapi/config.m4 sapi/litespeed/config.m4 sapi/milter/config.m4 sapi/nsapi/config.m4 sapi/phttpd/config.m4 sapi/pi3web/config.m4 sapi/roxen/config.m4 sapi/thttpd/config.m4 sapi/tux/config.m4 sapi/webjames/config.m4
......@@ -2,7 +2,7 @@
/* edit configure.in to change version number */
#define PHP_MAJOR_VERSION 5
#define PHP_MINOR_VERSION 4
#define PHP_RELEASE_VERSION 2
#define PHP_RELEASE_VERSION 3
#define PHP_EXTRA_VERSION ""
#define PHP_VERSION "5.4.2"
#define PHP_VERSION_ID 50402
#define PHP_VERSION "5.4.3"
#define PHP_VERSION_ID 50403
......@@ -1614,15 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */
p = var + 5;
var = q = t;
// First char keep uppercase
*q++ = *p++;
while (*p) {
if (*p == '_') {
if (*p == '=') {
// End of name
break;
} else if (*p == '_') {
*q++ = '-';
p++;
if (*p) {
// First char after - keep uppercase
if (*p && *p!='=') {
*q++ = *p++;
}
} else if (*p >= 'A' && *p <= 'Z') {
// lowercase
*q++ = (*p++ - 'A' + 'a');
} else {
*q++ = *p++;
......@@ -1806,10 +1812,15 @@ int main(int argc, char *argv[])
}
}
if(query_string = getenv("QUERY_STRING")) {
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
/* we've got query string that has no = - apache CGI will pass it to command line */
unsigned char *p;
decoded_query_string = strdup(query_string);
php_url_decode(decoded_query_string, strlen(decoded_query_string));
if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
for (p = decoded_query_string; *p && *p <= ' '; p++) {
/* skip all leading spaces */
}
if(*p == '-') {
skip_getopt = 1;
}
free(decoded_query_string);
......@@ -2073,7 +2084,7 @@ consult the installation file that came with this distribution, or visit \n\
}
zend_first_try {
while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
switch (c) {
case 'T':
benchmark = 1;
......
--TEST--
apache_request_headers() stack overflow.
--SKIPIF--
<?php
include "skipif.inc";
?>
--FILE--
<?php
include "include.inc";
$php = get_cgi_path();
reset_env_vars();
$file = dirname(__FILE__)."/012.test.php";
file_put_contents($file, '<?php print_r(apache_request_headers()); ?>');
passthru("$php $file");
$names = array('HTTP_X_TEST', 'HTTP_X__TEST', 'HTTP_X_');
foreach ($names as $name) {
putenv($name."=".str_repeat("A", 256));
passthru("$php -q $file");
putenv($name);
}
unlink($file);
echo "Done\n";
?>
--EXPECTF--
X-Powered-By: PHP/%s
Content-type: text/html
Array
(
)
Array
(
[X-Test] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
)
Array
(
[X-_test] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
)
Array
(
[X-] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
)
Done
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment