This is against the proper procedure. You're supposed to commit first to HEAD then MFH to the appropriate branch. We don't have the luxury of having some divas around here who think they can do whatever they like..
Can someone please revoke Ilia's CVS account? Only committing to a branch and leaving the trunk unpatched is sabotage IMO.. --Jani On Tue, 2007-09-04 at 12:51 +0000, Ilia Alshanetsky wrote: > iliaa Tue Sep 4 12:51:49 2007 UTC > > Modified files: (Branch: PHP_5_2) > /php-src/ext/standard file.c dir.c > /php-src NEWS > Log: > > Fixed possible buffer overflows inside the fnmatch() and glob() functions > > http://cvs.php.net/viewvc.cgi/php-src/ext/standard/file.c?r1=1.409.2.6.2.27&r2=1.409.2.6.2.28&diff_format=u > Index: php-src/ext/standard/file.c > diff -u php-src/ext/standard/file.c:1.409.2.6.2.27 > php-src/ext/standard/file.c:1.409.2.6.2.28 > --- php-src/ext/standard/file.c:1.409.2.6.2.27 Mon Sep 3 02:53:56 2007 > +++ php-src/ext/standard/file.c Tue Sep 4 12:51:49 2007 > @@ -21,7 +21,7 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: file.c,v 1.409.2.6.2.27 2007/09/03 02:53:56 iliaa Exp $ */ > +/* $Id: file.c,v 1.409.2.6.2.28 2007/09/04 12:51:49 iliaa Exp $ */ > > /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ > > @@ -2518,6 +2518,11 @@ > == FAILURE) > return; > > + if (filename_len >= MAXPATHLEN) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds > the maximum allowed length of %d characters", MAXPATHLEN); > + RETURN_FALSE; > + } > + > RETURN_BOOL( ! fnmatch( pattern, filename, flags )); > } > /* }}} */ > http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3.2.10&r2=1.147.2.3.2.11&diff_format=u > Index: php-src/ext/standard/dir.c > diff -u php-src/ext/standard/dir.c:1.147.2.3.2.10 > php-src/ext/standard/dir.c:1.147.2.3.2.11 > --- php-src/ext/standard/dir.c:1.147.2.3.2.10 Wed Aug 22 14:59:44 2007 > +++ php-src/ext/standard/dir.c Tue Sep 4 12:51:49 2007 
> @@ -16,7 +16,7 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: dir.c,v 1.147.2.3.2.10 2007/08/22 14:59:44 jani Exp $ */ > +/* $Id: dir.c,v 1.147.2.3.2.11 2007/09/04 12:51:49 iliaa Exp $ */ > > /* {{{ includes/startup/misc */ > > @@ -401,6 +401,11 @@ > return; > } > > + if (pattern_len >= MAXPATHLEN) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds > the maximum allowed length of %d characters", MAXPATHLEN); > + RETURN_FALSE; > + } > + > if ((GLOB_AVAILABLE_FLAGS & flags) != flags) { > php_error_docref(NULL TSRMLS_CC, E_WARNING, "At least one of > the passed flags is invalid or not supported on this platform"); > RETURN_FALSE; > http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.925&r2=1.2027.2.547.2.926&diff_format=u > Index: php-src/NEWS > diff -u php-src/NEWS:1.2027.2.547.2.925 php-src/NEWS:1.2027.2.547.2.926 > --- php-src/NEWS:1.2027.2.547.2.925 Mon Sep 3 15:36:04 2007 > +++ php-src/NEWS Tue Sep 4 12:51:49 2007 > @@ -1,6 +1,9 @@ > PHP > NEWS > > ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| > ?? ??? 20??, PHP 5.2.5 > +- Fixed possible buffer overflows inside the fnmatch() and glob() functions > + reported by Laurent gaffie (Ilia) > + > - Upgraded PCRE to version 7.3 (Nuno) > - Added optional parameter $provide_object to debug_backtrace(). (Sebastian) > > -- Make me happy: http://pecl.php.net/wishlist.php/jani -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
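Review bot: In the file.c hunk at @@ -2518,6 +2518,11 @@, only filename_len is bounded before the call `fnmatch( pattern, filename, flags )`; the pattern argument reaches the same call with no length check in the visible lines. If the overflow depends on input of MAXPATHLEN bytes or more, the pattern needs the same guard as the filename. Suggest adding an equivalent check on the pattern length, as the dir.c hunk does for glob(), or a comment stating why only the filename is affected.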
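Review bot: In the dir.c hunk at @@ -401,6 +401,11 @@, the condition `pattern_len >= MAXPATHLEN` rejects a pattern of exactly MAXPATHLEN in length, while the warning reports MAXPATHLEN as "the maximum allowed length", so the message is off by one from what the check enforces. Suggest either passing MAXPATHLEN - 1 to the format string or rewording the message to say the pattern must be shorter than %d. The filename warning in the file.c hunk has the same mismatch.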
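Review bot: In the NEWS hunk at @@ -1,6 +1,9 @@, the reporter credit reads "Laurent gaffie" with a lowercase surname, unlike the other names in the neighbouring entries (Nuno, Sebastian, Ilia). Capitalise it unless that is the reporter's own spelling.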