#
3892529f |
| 03-Sep-2024 |
Christoph M. Becker |
Close-GH 15685: improve proc_open error reporting on Windows While similar errors are already reported via `strerror()` on other platforms, this has apparently overlooked for Windows, wh
Close-GH 15685: improve proc_open error reporting on Windows While similar errors are already reported via `strerror()` on other platforms, this has apparently overlooked for Windows, where only the error code has been reported so far. We adapt the affected test cases, but since there is no PHP userland function which allows us to get the current system locale, we work around. Closes GH-15687.
show more ...
|
#
4b15f5d4 |
| 20-Apr-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 The old code checked for suffixes but didn't take into account trailing whitespace. Furthermore, there is peculiar behaviour with trailing d
Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 The old code checked for suffixes but didn't take into account trailing whitespace. Furthermore, there is peculiar behaviour with trailing dots too. This all happens because of the special path-handling code inside CreateProcessW. By studying Wine's code, we can see that CreateProcessInternalW calls get_file_name [1] in our case because we haven't provided an application name. That code gets the first whitespace-delimited string into app_name excluding the quotes. It's then passed to create_process_params [2] where there is the path handling code that transforms the command line argument to an image path [3]. Inside Wine, the extension check if performed after these transformations [4]. By doing the same thing in PHP we match the behaviour and can properly match the extension even in the given edge cases. [1] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L542-L543 [2] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L565 [3] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L150-L151 [4] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L647-L654
show more ...
|