ID:               49372
 Updated by:       [email protected]
 Reported By:      sergk at sergk dot org dot ua
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: Debian GNU/Linux, kernel 2.6.30
 PHP Version:      5.2.10
-Assigned To:      
+Assigned To:      pajoye
 New Comment:

Thanks for the patch.
Do you have a small piece of code to test it? I could quickly use it as a phpt.


Previous Comments:
------------------------------------------------------------------------

[2009-08-26 13:35:57] sergk at sergk dot org dot ua

This patch will fix the bug:

--- php-5.2.10.orig/ext/curl/interface.c        2009-06-15
12:38:11.000000000 +0000
+++ php-5.2.10/ext/curl/interface.c     2009-08-26 11:22:15.000000000
+0000
@@ -183,10 +183,12 @@
                        return 0;
                }
 
-               if (!strncasecmp("file", uri->scheme, sizeof("file")))
{
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Protocol 'file' disabled in cURL");
-                       php_url_free(uri);
-                       return 0;
+               if (uri->scheme != NULL) {
+                       if (!strncasecmp("file", uri->scheme,
sizeof("file")-1)) {
+                               php_error_docref(NULL TSRMLS_CC,
E_WARNING, "Protocol 'file' disabled in cURL");
+                               php_url_free(uri);
+                               return 0;
+                       }
                }
                php_url_free(uri);
 #endif
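
Review bot: In the rewritten `strncasecmp` call the length changes from `sizeof("file")` to `sizeof("file")-1`, which is unrelated to the NULL fix and turns an exact scheme match into a 4-byte prefix match, so any scheme that merely begins with "file" now hits the "Protocol 'file' disabled in cURL" warning and `return 0`. Keep `sizeof("file")` (or use `strcasecmp`) so that the only behavioural change is the `uri->scheme != NULL` guard, or state the broader match as intended. The guard itself is correct, and the two nested `if`s could be folded into one condition, `uri->scheme != NULL && !strncasecmp(...)`, to keep the diff smaller.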

------------------------------------------------------------------------

[2009-08-26 13:30:58] sergk at sergk dot org dot ua

Description:
------------
There is a segfault in strncasecmp, called from this code:
curl/interface.c:186:

if (!strncasecmp("file", uri->scheme, sizeof("file"))) {   
...

when the URI has no protocol part and hence uri->scheme is NULL.
Like in this example backtrace:
#0  0xb7e20a8b in strncasecmp () from /lib/i686/cmov/libc.so.6
#1  0xb777dd11 in php_curl_option_url (ch=0x856be00, 
    url=0x856e360
"show.setlinks.ru/?host=SCREENEDHOSTNAME&k=WINDOWS-1251&p=b44eff595164745dee4a6a655a57a425",

    len=<value optimized out>) at
/opt/src/build/apache-1-dweb/dbuild/003d/php-5.2.10/ext/curl/interface.c:187

This bug is also present in the latest 5.2.x development snapshot.




------------------------------------------------------------------------
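
The scheme check from the report, as an added stand-alone example (not PHP's code and not part of the report): it guards the NULL scheme that caused the crash and shows how the comparison length decides between an exact match and a prefix match. `struct parsed_url` and both function names are hypothetical stand-ins, and the sample schemes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for the parsed URL: only the field the check reads. */
struct parsed_url {
    const char *scheme;   /* NULL when the URL has no "scheme://" part */
};

/* Exact, case-insensitive match on "file". A missing scheme is not "file". */
static int scheme_is_file_exact(const struct parsed_url *u)
{
    if (u == NULL || u->scheme == NULL)
        return 0;         /* without this guard strncasecmp reads through NULL */
    /* sizeof("file") is 5, so the terminating NUL is compared as well. */
    return strncasecmp("file", u->scheme, sizeof("file")) == 0;
}

/* Prefix match: sizeof("file") - 1 is 4, so only "file" itself is compared. */
static int scheme_is_file_prefix(const struct parsed_url *u)
{
    if (u == NULL || u->scheme == NULL)
        return 0;
    return strncasecmp("file", u->scheme, sizeof("file") - 1) == 0;
}

int main(void)
{
    /* Constructed sample schemes; NULL models a URL without a protocol part. */
    const char *samples[] = { "file", "FILE", "files", "http", NULL };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct parsed_url u = { samples[i] };
        printf("%-6s exact=%d prefix=%d\n",
               samples[i] ? samples[i] : "(null)",
               scheme_is_file_exact(&u), scheme_is_file_prefix(&u));
    }
    return 0;
}
```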


-- 
Edit this bug report at http://bugs.php.net/?id=49372&edit=1
