iliaa           Tue Feb 24 16:53:58 2004 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src/ext/standard       http_fopen_wrapper.c 
    /php-src    NEWS 
  Log:
  MFH: Fixed bug #27383 (Potential crash inside fopen_wrapper, while parsing
  response code).
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/http_fopen_wrapper.c?r1=1.53.2.14&r2=1.53.2.15&ty=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.53.2.14 
php-src/ext/standard/http_fopen_wrapper.c:1.53.2.15
--- php-src/ext/standard/http_fopen_wrapper.c:1.53.2.14 Fri Nov 28 13:51:14 2003
+++ php-src/ext/standard/http_fopen_wrapper.c   Tue Feb 24 16:53:56 2004
@@ -18,7 +18,7 @@
    |          Wez Furlong <[EMAIL PROTECTED]>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.53.2.14 2003/11/28 18:51:14 iliaa Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.53.2.15 2004/02/24 21:53:56 iliaa Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -339,17 +339,22 @@
        }
 
 
-       if (!php_stream_eof(stream))    {
+       if (!php_stream_eof(stream)) {
+               size_t tmp_line_len;
                /* get response header */
 
-               if (php_stream_gets(stream, tmp_line, sizeof(tmp_line)-1) != NULL)     
 {
+               if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, 
&tmp_line_len) != NULL) {
                        zval *http_response;
                        int response_code;
 
                        MAKE_STD_ZVAL(http_response);
                        ZVAL_NULL(http_response);
 
-                       response_code = atoi(tmp_line + 9);
+                       if (tmp_line_len > 9) {
+                               response_code = atoi(tmp_line + 9);
+                       } else {
+                               response_code = 0;
+                       }
                        switch(response_code) {
                                case 200:
                                case 302:
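Review bot: The new `tmp_line_len > 9` guard keeps atoi() from starting past the end of a short line, but the offset 9 is still an unexplained magic number, and nothing checks that the server-supplied line begins with an HTTP version token before it is parsed at that offset. A comment such as `/* 9 == strlen("HTTP/1.x "): skip the version token of the status line */` would document the assumption. Tightening the condition to `if (tmp_line_len > 9 && !strncmp(tmp_line, "HTTP/", 5)) {` would send malformed status lines down the `response_code = 0` path, which ends in the failure notification. The enclosing function starts before this hunk and the switch continues past its end.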
@@ -361,11 +366,15 @@
                                                        tmp_line, response_code);
                                        break;
                                default:
+                                       /* safety net in the event tmp_line == NULL */
+                                       if (!tmp_line_len) {
+                                               tmp_line[0] = '\0';
+                                       }
                                        php_stream_notify_error(context, 
PHP_STREAM_NOTIFY_FAILURE,
                                                        tmp_line, response_code);
                        }
                        
-                       Z_STRLEN_P(http_response) = strlen(tmp_line);
+                       Z_STRLEN_P(http_response) = tmp_line_len;
                        Z_STRVAL_P(http_response) = estrndup(tmp_line, 
Z_STRLEN_P(http_response));
                        if 
(Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=='\n') {
                                
Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=0;
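Review bot: The trailing-newline check at the end of this hunk still indexes `Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]` with no length guard. The length now comes from `tmp_line_len`, which the new default-branch code itself treats as possibly zero, so an empty line would read, and possibly write, one byte before the estrndup'd buffer. Guarding it as `if (tmp_line_len > 0 && Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=='\n') {` closes that case. The comment `/* safety net in the event tmp_line == NULL */` is also misleading, since tmp_line appears to be an array (it is used with sizeof) and the test is on the length; `/* empty status line: make sure tmp_line is a valid C string */` would match what the code does. The body of that if continues past the end of the hunk.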
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.576&r2=1.1247.2.577&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.576 php-src/NEWS:1.1247.2.577
--- php-src/NEWS:1.1247.2.576   Tue Feb 24 03:49:38 2004
+++ php-src/NEWS        Tue Feb 24 16:53:57 2004
@@ -1,6 +1,8 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Feb 2004, Version 4.3.5
+- Fixed bug #27383 (Potential crash inside fopen_wrapper, while parsing
+  response code). (Ilia)
 - Fixed bug #27341 (HEAD requests fail to return data). (Ilia)
 - Fixed bug #27337 (missing sapi_shutdown() in sapi/isapi causes memory leak). 
   (Jani, msisolak at yahoo dot com)
