On Sat, 04 Feb 2012 16:35:04 +0100, Ángel González wrote:
Gustavo Lopes wrote:
On Sat, 04 Feb 2012 00:06:45 +0100, Ángel González wrote:
I've gone ahead and written code for that feature. Comments
welcome.
The comparison has a problem: if char is signed (the most common
scenario), you'll be m
Gustavo Lopes wrote:
> On Sat, 04 Feb 2012 00:06:45 +0100, Ángel González wrote:
>> I've gone ahead and written code for that feature. Comments welcome.
>
> The comparison has a problem: if char is signed (the most common
> scenario), you'll be making a signed comparison, so any character over
> 0x
On Fri, 03 Feb 2012 14:00:11 -0800, Stas Malyshev wrote:
Hi!
As it's a security patch and of small scope, I would consider it for
5.4. Stas, David?
Do we have unit tests for this code? The fix involves changes in
header sending so it may have impact on lots of code. Changes like
this can be d
On Sat, 04 Feb 2012 00:06:45 +0100, Ángel González wrote:
On 03/02/12 21:44, Ángel González wrote:
On 03/02/12 15:01, Gustavo Lopes wrote:
I've committed a different version that also forbids \0 (since, as
Stefan says, a NUL byte can result in the truncation of the rest of
the header) and that
On Sat, Feb 4, 2012 at 12:06 AM, Ángel González wrote:
> I've gone ahead and written code for that feature. Comments welcome.
If I understand it correctly your code only allows \r\n[ \t] style
line continuations, whereas catahracts previous version allowed
(?>\r\n|\r|\n)[ \t]. Is that intentional
On 03/02/12 21:44, Ángel González wrote:
> On 03/02/12 15:01, Gustavo Lopes wrote:
>> I've committed a different version that also forbids \0 (since, as
>> Stefan says, a NUL byte can result in the truncation of the rest of
>> the header) and that accepts a CRLF:
>>
>> http://svn.php.net/viewvc/php
On 03/02/12 23:00, Stas Malyshev wrote:
> Hi!
>
>> As it's a security patch and of small scope, I would consider it for
>> 5.4. Stas, David?
>
> Do we have unit tests for this code? The fix involves changes in header
> sending so it may have impact on lots of code. Changes like this can be
> dang
On Fri, Feb 3, 2012 at 10:37 PM, Reindl Harald wrote:
>
>
> Am 03.02.2012 21:44, schrieb Ángel González:
>>> If you or anyone else find any problem, please report a bug; otherwise
>>> I'll merge to 5.3 and 5.4 once 5.4 is out of code freeze.
>>>
>> As it's a security patch and of small scope, I wo
Hi!
As it's a security patch and of small scope, I would consider it for
5.4. Stas, David?
Do we have unit tests for this code? The fix involves changes in header
sending so it may have impact on lots of code. Changes like this can be
dangerous. I'm thinking maybe we should wait with it unti
On Fri, Feb 3, 2012 at 10:37 PM, Reindl Harald wrote:
>
>
> Am 03.02.2012 21:44, schrieb Ángel González:
> >> If you or anyone else find any problem, please report a bug; otherwise
> >> I'll merge to 5.3 and 5.4 once 5.4 is out of code freeze.
> >>
> > As it's a security patch and of small scope,
Am 03.02.2012 21:44, schrieb Ángel González:
>> If you or anyone else find any problem, please report a bug; otherwise
>> I'll merge to 5.3 and 5.4 once 5.4 is out of code freeze.
>>
> As it's a security patch and of small scope, I would consider it for
> 5.4. Stas, David?
as it is SECURITY rele
On 03/02/12 15:01, Gustavo Lopes wrote:
> I've committed a different version that also forbids \0 (since, as
> Stefan says, a NUL byte can result in the truncation of the rest of
> the header) and that accepts a CRLF:
>
> http://svn.php.net/viewvc/php/php-src/trunk/main/SAPI.c?r1=323043&r2=323042&p
On Fri, 03 Feb 2012 15:13:56 +0100, John LeSueur
wrote:
I could be wrong, but doesn't:
(header_line[i+1] != ' ' && header_line[i+1] != '\t')
access an element past the end of the header_line array on the last
iteration of the for loop? shouldn't the for loop go until
header_line_len
- 1?
On Fri, Feb 3, 2012 at 7:01 AM, Gustavo Lopes wrote:
> On Fri, 03 Feb 2012 13:03:24 +0100, Gustavo Lopes
> wrote:
>
> On Fri, 03 Feb 2012 12:06:26 +0100, Stefan Esser <
>> stefan.es...@sektioneins.de> wrote:
>>
>> [snip]
>>> obviously inside PHP no one cares about reviewing security patches.
>>
On Fri, 03 Feb 2012 13:03:24 +0100, Gustavo Lopes
wrote:
On Fri, 03 Feb 2012 12:06:26 +0100, Stefan Esser
wrote:
[snip]
obviously inside PHP no one cares about reviewing security patches.
Perhaps then you'd want to comment on:
http://nebm.ist.utl.pt/~glopes/misc/bug60227.diff , whic
On Fri, 03 Feb 2012 12:06:26 +0100, Stefan Esser
wrote:
[snip]
obviously inside PHP no one cares about reviewing security patches.
Perhaps then you'd want to comment on:
http://nebm.ist.utl.pt/~glopes/misc/bug60227.diff , which addresses the
NUL byte issue, although now I'm thinking th
On Fri, 03 Feb 2012 12:06:26 +0100, Stefan Esser
wrote:
[snip]
Luckily it is not affecting everyone, because at least the Apache SAPI
will stop sending the header at the NUL byte, too.
However everybody running CGI/FastCGI will loose the protection with
this.
[snip]
Good point, and I
17 matches
Mail list logo
