sesser          Tue Feb 11 16:41:33 2003 EDT

  Modified files:              
    /php4/main  SAPI.c 
  Log:
  8 + 20 + 1 + 1 = 30
  
  There was no Bufferoverflow on 64bit systems.
  
  And the "fix" broke the header code on systems with old style snprintf.
  
  
  
Index: php4/main/SAPI.c
diff -u php4/main/SAPI.c:1.169 php4/main/SAPI.c:1.170
--- php4/main/SAPI.c:1.169      Mon Feb 10 15:18:08 2003
+++ php4/main/SAPI.c    Tue Feb 11 16:41:32 2003
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: SAPI.c,v 1.169 2003/02/10 20:18:08 moriyoshi Exp $ */
+/* $Id: SAPI.c,v 1.170 2003/02/11 21:41:32 sesser Exp $ */
 
 #include <ctype.h>
 #include <sys/stat.h>
@@ -619,18 +619,14 @@
                                                                                       
         0, &result_len, -1 TSRMLS_CC);
                                                if(result_len==ptr_len) {
                                                        char *lower_temp = 
estrdup(ptr);        
-                                                       char conv_temp[64];
+                                                       char conv_temp[32];
                                                        int conv_len;
 
                                                        
php_strtolower(lower_temp,strlen(lower_temp));
                                                        /* If there is no realm string 
at all, append one */
                                                        
if(!strstr(lower_temp,"realm")) {
                                                                efree(result);
-                                                               conv_len = 
snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
-                                                               /* some broken 
snprintf() impls may return a negative value on failure */
-                                                               if (conv_len < 0) {
-                                                                       conv_len = 0;
-                                                               }
+                                                               conv_len = 
+sprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
                                                                result = 
emalloc(ptr_len+conv_len+1);
                                                                result_len = 
ptr_len+conv_len;
                                                                memcpy(result, ptr, 
ptr_len);   
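Review bot: As rendered, the added call reads `sprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid)`, which puts the buffer size where sprintf expects its format string. The leading `+` on that wrapped line may be an archive artifact hiding `snprintf`, so this should be checked against the committed file. If the unbounded form is intended, the line should be `conv_len = sprintf(conv_temp, " realm=\"%ld\"", myuid);`. If the bounded form stays, `conv_len` now reaches `emalloc(ptr_len+conv_len+1)` and `result_len` with no check for a negative or too-large return. The 32-byte size rests only on the sum in the log, so a comment such as `/* " realm=\"" (8) + 64-bit long with sign (20) + closing quote (1) + NUL (1) = 30 */` belongs next to `conv_temp`; the enclosing block starts and ends outside the hunk.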
@@ -653,7 +649,7 @@
 #else
                                {
                                        myuid = php_getuid();
-                                       result = emalloc(32);
+                                       result = emalloc(sizeof("WWW-Authenticate: 
+")+20);
                                        newlen = sprintf(result, "WWW-Authenticate: 
%ld", myuid);       
                                        newheader = estrndup(result,newlen);
                                        efree(header_line);
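Review bot: The `+20` in `emalloc(sizeof("WWW-Authenticate: ")+20)` is an undocumented bound that fits a 64-bit `long` in decimal exactly (18 header characters + 20 digits and sign + NUL = 39 bytes), and the unbounded `sprintf` on the next line depends on it with no slack. A comment such as `/* 20 = longest decimal form of a 64-bit long, sign included */` would record the assumption, or the digit count could be derived from `sizeof(long)` so it cannot go stale if the type widens. The same width assumption appears in the `conv_temp[32]` hunk above, so a shared named constant would keep the two in step. The enclosing block continues outside the hunk.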


