| #
b4b157ed |
| 05-Dec-2023 |
Ilija Tovilo |
Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
Fix compilation of ftp without openssl
|
| #
4f934cb7 |
| 04-Dec-2023 |
Ilija Tovilo |
Fix compilation of ftp without openssl
Closes GH-12866 |
| #
addb6e46 |
| 02-Dec-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
Fix GH-9348: FTP & SSL session reuse
|
| #
ac8a58fa |
| 02-Dec-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-9348: FTP & SSL session reuse
The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
rec
Fix GH-9348: FTP & SSL session reuse
The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
recreate the scenario locally using vsftpd and setting
`require_ssl_reuse=YES` in the vsftpd configuration.
It turns out that our session resumption code is broken. It only works a
single time: the first time a data connection opens. Subsequent data
connections fail to reuse the session. This is because on every data
connection a new session is negotiated, but the current code always
tries to reuse the (stale) session of the control connection.
To fix this, we use SSL_CTX_sess_set_new_cb() to setup a callback that
gets called every time a new session is negotiated. We take a strong
reference using SSL_get1_session() and store it in the ftpbuf_t struct.
Every time we open a data connection we'll take that session.
This works because every control connection has at most a single
associated data connection.
Also disable internal session caching storage to not fill the cache up
with useless sessions.
There is no phpt for this because PHP does not support enforcing SSL
session reuse.
It is however testable manually by setting up vsftpd and setting the
`require_ssl_reuse=YES` function from before.
Closes GH-12851.
show more ...
|
| #
eacfbd9a |
| 07-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Merge branch 'PHP-8.2'
* PHP-8.2:
Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget
|
| #
4dcb5af3 |
| 07-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget
|
| #
c962a96c |
| 06-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget
When the user does not fully consume the data stream, but instead opens
a new one, a memory leak occurs. Moreover
Fix GH-10562: Memory leak and invalid state with consecutive ftp_nb_fget
When the user does not fully consume the data stream, but instead opens
a new one, a memory leak occurs. Moreover, the state is invalid: when
more commands arrive they'll be handled out-of-sync because the state of
the client does not match what the server is doing.
This leads to all sorts of weirdness, for example:
Warning: ftp_nb_fget(): OK.
Fix it by gracefully closing the old data stream when a new data stream
is started.
Closes GH-11606.
show more ...
|
| #
d5ad7510 |
| 08-Jun-2023 |
George Peter Banyard |
More usage of known zend_str instead of C string (#11381) |
| #
57442f8f |
| 20-Mar-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB
|
| #
30141828 |
| 06-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB
The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a
Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB
The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a NUL byte. Use a
size of MAX_LENGTH_OF_LONG to fix this issue instead of a fixed size
of 11 chars.
Closes GH-10525.
show more ...
|
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1 |
|
| #
af20923a |
| 28-Mar-2022 |
Jihwan Kim |
Fix datetime format string to follow POSIX spec in ftp_mdtm()
Closes GH-8259 |
|
Revision tags: php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1 |
|
| #
efbb2198 |
| 12-Jul-2021 |
Nikita Popov |
Return value from ZEND_ATOL
Instead of assigning it as part of the macro itself, which makes
usage quite awkward. |
|
Revision tags: php-8.1.0alpha3, php-7.4.21, php-7.3.29 |
|
| #
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs |
|
Revision tags: php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19 |
|
| #
895185e5 |
| 03-May-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix #79100: Wrong FTP error messages
|
| #
c2a06f5d |
| 03-May-2021 |
Christoph M. Becker |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fix #79100: Wrong FTP error messages
|
|
Revision tags: php-7.4.18, php-7.3.28, php-8.0.5 |
|
| #
42c72ef4 |
| 22-Apr-2021 |
Christoph M. Becker |
Fix #79100: Wrong FTP error messages
First we need to properly clear the `inbuf`, what is an amendment to
commit d2881adcbc[1].
Then we need to report `php_pollfd_for_ms()` fail
Fix #79100: Wrong FTP error messages
First we need to properly clear the `inbuf`, what is an amendment to
commit d2881adcbc[1].
Then we need to report `php_pollfd_for_ms()` failures right away; just
setting `errno` does not really help, since at least in some cases it
would have been overwritten before we actually could check it. We use
`php_socket_strerror()` to get a proper error message, and define
`ETIMEDOUT` to the proper value on Windows; otherwise we catch the
definition in errno.h, which is not compatible with WinSock. The
proper solution for this issue would likely be to include something
like ext/sockets/windows_common.h.
Finally, we ensure that we only report warnings using `inbuf`, if it is
not empty.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=d2881adcbc9be60de7e7d45a3316b0e11b7eb1e8>.
Closes GH-6718.
show more ...
|
| #
c0ae3a7f |
| 22-Apr-2021 |
Christoph M. Becker |
Fix #80901: Info leak in ftp extension
We ensure that inbuf is NUL terminated on `ftp_readline()` failure.
Closes GH-6894. |
| #
5d7219dc |
| 26-Apr-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix #80901: Info leak in ftp extension
|
| #
33d49551 |
| 26-Apr-2021 |
Christoph M. Becker |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fix #80901: Info leak in ftp extension
|
| #
09696eee |
| 22-Apr-2021 |
Christoph M. Becker |
Fix #80901: Info leak in ftp extension
We ensure that inbuf is NUL terminated on `ftp_readline()` failure.
Closes GH-6894. |
|
Revision tags: php-8.0.5RC1, php-7.4.18RC1 |
|
| #
67e545f1 |
| 06-Apr-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix #80880: SSL_read on shutdown, ftp/proc_open
|
| #
de9734a5 |
| 06-Apr-2021 |
Christoph M. Becker |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fix #80880: SSL_read on shutdown, ftp/proc_open
|
| #
96880716 |
| 06-Apr-2021 |
Christoph M. Becker |
Fix #80880: SSL_read on shutdown, ftp/proc_open
When `SSL_read()` after `SSL_shutdown()` fails with `SSL_ERROR_SYSCALL`,
we should not warn about this, because it is likely caused by the
Fix #80880: SSL_read on shutdown, ftp/proc_open
When `SSL_read()` after `SSL_shutdown()` fails with `SSL_ERROR_SYSCALL`,
we should not warn about this, because it is likely caused by the peer
having closed the connection without having sent a close_notify
shutdown alert.
Signed-off-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-6803.
show more ...
|
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
| #
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
show more ...
|
