History log of /PHP-8.4/Zend/zend_virtual_cwd.c (Results 76 – 100 of 134)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11
# dad79363 06-Sep-2016 Christoph M. Becker

Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is

Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.

show more ...


# 0382a64f 01-Sep-2016 Anatol Belski

remove unused assignment


# ac82a341 01-Sep-2016 Anatol Belski

rewrite the getcwd part

Also fixes a possible memory leak. Still not ideal, as seems CWD
longer than MAX_PATH is still not supported. But a heap allocation
is not needed anyway, as M

rewrite the getcwd part

Also fixes a possible memory leak. Still not ideal, as seems CWD
longer than MAX_PATH is still not supported. But a heap allocation
is not needed anyway, as MAXPATHLEN value is the maximum supported.

show more ...


Revision tags: php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1
# d5820285 27-Aug-2016 Anatol Belski

fix leak


Revision tags: php-7.1.0beta3, php-5.6.25
# 447e57a1 17-Aug-2016 Kalle Sommer Nielsen

Fixed 7.1 build, decls first please!


Revision tags: php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1
# bfba840e 30-Jul-2016 Kalle Sommer Nielsen

Fix build on Windows


Revision tags: php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38
# 374ae8e9 13-Jul-2016 Stanislav Malyshev

Fix for bug #72513

This is applicable to 7 as well, but was somehow missing from the merge.


# a099545b 13-Jul-2016 Stanislav Malyshev

Fix for bug #72513


# 69557901 07-Jul-2016 Anatol Belski

silence compiler noise


Revision tags: php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37
# 3d3f11ed 20-Jun-2016 Anatol Belski

Fixed the UTF-8 and long path support in the streams on Windows.

Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The curre

Fixed the UTF-8 and long path support in the streams on Windows.

Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it

https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx

The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:

https://bugs.php.net/63401
https://bugs.php.net/41199
https://bugs.php.net/50203
https://bugs.php.net/71509
https://bugs.php.net/64699
https://bugs.php.net/64506
https://bugs.php.net/30195
https://bugs.php.net/65358
https://bugs.php.net/61315
https://bugs.php.net/70943
https://bugs.php.net/70903
https://bugs.php.net/63593
https://bugs.php.net/54977
https://bugs.php.net/54028
https://bugs.php.net/43148
https://bugs.php.net/30730
https://bugs.php.net/33350
https://bugs.php.net/35300
https://bugs.php.net/46990
https://bugs.php.net/61309
https://bugs.php.net/69333
https://bugs.php.net/45517
https://bugs.php.net/70551
https://bugs.php.net/50197
https://bugs.php.net/72200
https://bugs.php.net/37672

Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.

The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it

https://msdn.microsoft.com/en-us/library/tsbaswba.aspx

However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.

For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.

This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).

In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.

The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).

The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.

Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.

Thanks.

show more ...


Revision tags: php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1
# 6b63d80a 10-May-2016 Anatol Belski

fix handle leak


Revision tags: php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1
# 67f07700 10-Mar-2016 Xinchen Hui

tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)

cherry-picked from 7d5f71b0b125c89211e5a2a6d925deba938abd41


# 7d5f71b0 10-Mar-2016 Xinchen Hui

tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)


Revision tags: php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2
# 97a9470d 02-Jan-2016 Xinchen Hui

bump year which is missed in rev 49493a2


# c51e73c8 01-Jan-2016 Lior Kaplan

Happy new year (Update copyright to 2016)


Revision tags: php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1
# 99681298 05-Nov-2015 Anatol Belski

don't get invalid chmod mode through


# dea14fc7 04-Nov-2015 Anatol Belski

zero cwd buffer before passing to chmod


Revision tags: php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43
# ce2cd892 04-Jul-2015 Kalle Sommer Nielsen

Replace references to PHP_WIN32 and TSRM_WIN32 with ZEND_WIN32 in Zend/, this also fixes 1 instance of where fflush(stderr) was misplaced (zend_extensions.c)


Revision tags: php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2
# 6084844f 13-Jun-2015 Anatol Belski

Fix bug #69814 Enabling php_curl, php_mysqli, and php_openssl causes php-cgi to crash


Revision tags: php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1
# cf50748f 25-May-2015 Anatol Belski

move S_IFLNK define into header


# c444c417 25-May-2015 Anatol Belski

further cleanups with S_IF* macros generalized declarations


# 890a28d4 19-May-2015 Anatol Belski

Fixed bug #69511 Off-by-one bufferoverflow in php_sys_readlink


Revision tags: php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1
# 6e4a1b78 16-Apr-2015 Jan Starke

Fixed bug #69472 php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA


Revision tags: php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1
# 313d01f3 29-Mar-2015 Kalle Sommer Nielsen

Drop old VC support in Zend Engine, this also kills the remaining MessageBox fix for Windows 9x that Anatol changed a while back


Revision tags: php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37
# fc33f52d 15-Jan-2015 Xinchen Hui

bump year


123456