summaryrefslogtreecommitdiff
path: root/ext/xmlrpc
diff options
context:
space:
mode:
Diffstat (limited to 'ext/xmlrpc')
-rw-r--r--ext/xmlrpc/tests/bug18916.phpt2
-rw-r--r--ext/xmlrpc/tests/bug44996.phpt2
-rw-r--r--ext/xmlrpc/tests/bug45226.phpt2
-rw-r--r--ext/xmlrpc/tests/bug45555.phpt2
-rw-r--r--ext/xmlrpc/tests/bug45556.phpt2
-rw-r--r--ext/xmlrpc/tests/bug47818.phpt2
-rw-r--r--ext/xmlrpc/tests/bug50285.phpt2
-rw-r--r--ext/xmlrpc/tests/bug50761.phpt2
-rw-r--r--ext/xmlrpc/tests/bug51288.phpt14
-rw-r--r--ext/xmlrpc/xmlrpc-epi-php.c17
10 files changed, 42 insertions, 5 deletions
diff --git a/ext/xmlrpc/tests/bug18916.phpt b/ext/xmlrpc/tests/bug18916.phpt
index b2eb525d8..487838b60 100644
--- a/ext/xmlrpc/tests/bug18916.phpt
+++ b/ext/xmlrpc/tests/bug18916.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #18916 (xmlrpc_set_type() not working)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--INI--
date.timezone="America/Sao_Paulo"
--FILE--
diff --git a/ext/xmlrpc/tests/bug44996.phpt b/ext/xmlrpc/tests/bug44996.phpt
index dc1bc5d4f..0f4d016e5 100644
--- a/ext/xmlrpc/tests/bug44996.phpt
+++ b/ext/xmlrpc/tests/bug44996.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug45226.phpt b/ext/xmlrpc/tests/bug45226.phpt
index af9b6c472..e05385030 100644
--- a/ext/xmlrpc/tests/bug45226.phpt
+++ b/ext/xmlrpc/tests/bug45226.phpt
@@ -2,6 +2,8 @@
Bug #45226 (xmlrpc_set_type() segfaults with valid ISO8601 date string)
--INI--
date.timezone="America/Sao_Paulo"
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug45555.phpt b/ext/xmlrpc/tests/bug45555.phpt
index 376b14fec..6b3da24c0 100644
--- a/ext/xmlrpc/tests/bug45555.phpt
+++ b/ext/xmlrpc/tests/bug45555.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #45555 (Segfault with invalid non-string as register_introspection_callback)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug45556.phpt b/ext/xmlrpc/tests/bug45556.phpt
index 0e463e669..34897d8c9 100644
--- a/ext/xmlrpc/tests/bug45556.phpt
+++ b/ext/xmlrpc/tests/bug45556.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #45556 (Return value from callback isn't freed)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug47818.phpt b/ext/xmlrpc/tests/bug47818.phpt
index 57e109030..a2944d8ec 100644
--- a/ext/xmlrpc/tests/bug47818.phpt
+++ b/ext/xmlrpc/tests/bug47818.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #47818 (Segfault due to bound callback param)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug50285.phpt b/ext/xmlrpc/tests/bug50285.phpt
index cf766fc40..5da803c36 100644
--- a/ext/xmlrpc/tests/bug50285.phpt
+++ b/ext/xmlrpc/tests/bug50285.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
diff --git a/ext/xmlrpc/tests/bug50761.phpt b/ext/xmlrpc/tests/bug50761.phpt
index 653d8502f..ada19409c 100644
--- a/ext/xmlrpc/tests/bug50761.phpt
+++ b/ext/xmlrpc/tests/bug50761.phpt
@@ -1,5 +1,7 @@
--TEST--
Bug #50761 (system.multiCall crashes)
+--SKIPIF--
+<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
--FILE--
<?php
$req = '<?xml version="1.0"?>
diff --git a/ext/xmlrpc/tests/bug51288.phpt b/ext/xmlrpc/tests/bug51288.phpt
new file mode 100644
index 000000000..d9bdef822
--- /dev/null
+++ b/ext/xmlrpc/tests/bug51288.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #51288 (CVE-2010-0397, NULL pointer deref when no <methodName> in request)
+--FILE--
+<?php
+$method = NULL;
+$req = '<?xml version="1.0"?><methodCall></methodCall>';
+var_dump(xmlrpc_decode_request($req, $method));
+var_dump($method);
+echo "Done\n";
+?>
+--EXPECT--
+NULL
+NULL
+Done
diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index 054ea2f2a..d81eb8a86 100644
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -51,7 +51,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: xmlrpc-epi-php.c 294452 2010-02-03 20:19:05Z pajoye $ */
+/* $Id: xmlrpc-epi-php.c 296153 2010-03-13 20:26:51Z felipe $ */
/**********************************************************************
* BUGS: *
@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in, int xml_in_len, char *encoding_in, zva
zval* retval = NULL;
XMLRPC_REQUEST response;
STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
+ const char *method_name;
opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
/* generate XMLRPC_REQUEST from raw xml */
@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in, int xml_in_len, char *encoding_in, zva
if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
if (method_name_out) {
- zval_dtor(method_name_out);
- Z_TYPE_P(method_name_out) = IS_STRING;
- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
+ method_name = XMLRPC_RequestGetMethodName(response);
+ if (method_name) {
+ zval_dtor(method_name_out);
+ Z_TYPE_P(method_name_out) = IS_STRING;
+ Z_STRVAL_P(method_name_out) = estrdup(method_name);
+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
+ } else if (retval) {
+ zval_ptr_dtor(&retval);
+ retval = NULL;
+ }
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-27 20:47:23 +0000