moriyoshi Mon Feb 10 15:11:10 2003 EDT Modified files: /php4/main SAPI.c Log: Fixed possible buffer overflow in 64bit systems
Index: php4/main/SAPI.c
diff -u php4/main/SAPI.c:1.167 php4/main/SAPI.c:1.168
--- php4/main/SAPI.c:1.167 Mon Feb 10 14:45:34 2003
+++ php4/main/SAPI.c Mon Feb 10 15:11:10 2003
@@ -18,7 +18,7 @@
 +----------------------------------------------------------------------+ */
-/* $Id: SAPI.c,v 1.167 2003/02/10 19:45:34 moriyoshi Exp $ */
+/* $Id: SAPI.c,v 1.168 2003/02/10 20:11:10 moriyoshi Exp $ */
 #include <ctype.h>
 #include <sys/stat.h>
@@ -619,14 +619,18 @@
 0, &result_len, -1 TSRMLS_CC);
 if(result_len==ptr_len) {
 char *lower_temp = estrdup(ptr);
- char conv_temp[32];
+ char conv_temp[64];
 int conv_len;
 php_strtolower(lower_temp,strlen(lower_temp));
 /* If there is no realm string at all, append one */
 if(!strstr(lower_temp,"realm")) {
 efree(result);
- conv_len = sprintf(conv_temp," realm=\"%ld\"",myuid);
+ conv_len = +snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
+ /* some broken +snprintf() impls may return a negative value on failure */
+ if (conv_len < 0) {
+ conv_len = 0;
+ }
 result = emalloc(ptr_len+conv_len+1);
 result_len = ptr_len+conv_len;
 memcpy(result, ptr, ptr_len);
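Review bot: The guard added after `snprintf` in the realm-append branch only handles a negative return. A C99-conforming `snprintf` returns the length that would have been written, so on truncation `conv_len` can be `>= sizeof(conv_temp)` and still flow into `emalloc(ptr_len+conv_len+1)` and `result_len`. With a 64-byte buffer and a single `%ld`, truncation should not happen in practice, but bounding the value keeps any later copy out of `conv_temp` (presumably just past the end of this hunk) inside the buffer: `if (conv_len < 0 || conv_len >= (int)sizeof(conv_temp)) { conv_len = 0; }`. It is also worth confirming that `myuid`, declared outside the hunk, is a `long` so that it matches `%ld`. The enclosing function starts and ends outside the hunk.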