moriyoshi Mon Feb 10 15:13:36 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4/main SAPI.c
Log:
MFH: fixed possible buffer overflow on 64-bit systems
Index: php4/main/SAPI.c
diff -u php4/main/SAPI.c:1.155.2.6 php4/main/SAPI.c:1.155.2.7
--- php4/main/SAPI.c:1.155.2.6 Sun Feb 9 16:28:49 2003
+++ php4/main/SAPI.c Mon Feb 10 15:13:36 2003
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: SAPI.c,v 1.155.2.6 2003/02/09 21:28:49 sas Exp $ */
+/* $Id: SAPI.c,v 1.155.2.7 2003/02/10 20:13:36 moriyoshi Exp $ */
#include <ctype.h>
#include <sys/stat.h>
@@ -619,14 +619,18 @@
0, &result_len, -1 TSRMLS_CC);
if(result_len==ptr_len) {
char *lower_temp =
estrdup(ptr);
- char conv_temp[32];
+ char conv_temp[64];
int conv_len;
php_strtolower(lower_temp,strlen(lower_temp));
/* If there is no realm string
at all, append one */
if(!strstr(lower_temp,"realm")) {
efree(result);
- conv_len =
sprintf(conv_temp," realm=\"%ld\"",myuid);
+ conv_len =
+snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
+ /* some broken
+snprintf() impls may return a negative value on failure */
+ if (conv_len < 0) {
+ conv_len = 0;
+ }
result =
emalloc(ptr_len+conv_len+1);
result_len =
ptr_len+conv_len;
memcpy(result, ptr,
ptr_len);
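Review bot: The guard added after `snprintf` in the `if(!strstr(lower_temp,"realm"))` branch handles only a negative return; a C99-conforming snprintf returns the length the output would have had, so on truncation conv_len would exceed what conv_temp actually holds. With a 64-byte buffer and a single `%ld` that should not happen, but conv_len sizes the `emalloc` and presumably the later copy out of conv_temp (outside the hunk), so an upper bound is cheap insurance: `if (conv_len >= (int)sizeof(conv_temp)) conv_len = sizeof(conv_temp) - 1;`. Clamping a failed format to 0 also means the header goes out with no realm appended, which deserves a one-line comment such as `/* on failure, send the header without a realm rather than copy garbage */`. The enclosing function starts and ends outside the hunk, and the type of myuid is not visible here, so the `%ld` match should be confirmed against its declaration.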