thetaphi Mon May 3 08:22:54 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src/sapi/nsapi nsapi.c
Log:
Security fix: Put '\0' string termination before loop
http://cvs.php.net/diff.php/php-src/sapi/nsapi/nsapi.c?r1=1.28.2.25&r2=1.28.2.26&ty=u
Index: php-src/sapi/nsapi/nsapi.c
diff -u php-src/sapi/nsapi/nsapi.c:1.28.2.25 php-src/sapi/nsapi/nsapi.c:1.28.2.26
--- php-src/sapi/nsapi/nsapi.c:1.28.2.25 Fri Dec 12 11:21:44 2003
+++ php-src/sapi/nsapi/nsapi.c Mon May 3 08:22:54 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: nsapi.c,v 1.28.2.25 2003/12/12 16:21:44 thetaphi Exp $ */
+/* $Id: nsapi.c,v 1.28.2.26 2004/05/03 12:22:54 thetaphi Exp $ */
/*
* PHP includes
@@ -316,7 +316,7 @@
PHP_MINFO_FUNCTION(nsapi)
{
php_info_print_table_start();
- php_info_print_table_row(2, "NSAPI Module Revision", "$Revision: 1.28.2.25 $");
+ php_info_print_table_row(2, "NSAPI Module Revision", "$Revision: 1.28.2.26 $");
php_info_print_table_row(2, "Server Software", system_version());
php_info_print_table_row(2, "Sub-requests with nsapi_virtual()",
(nsapi_servact_service)?((zend_ini_long("zlib.output_compression",
sizeof("zlib.output_compression"), 0))?"not supported with
zlib.output_compression":"enabled"):"not supported on this platform" );
@@ -617,13 +617,13 @@
while (entry) {
if (!PG(safe_mode) || strncasecmp(entry->param->name,
"authorization", 13)) {
snprintf(buf, NS_BUF_SIZE, "HTTP_%s",
entry->param->name);
+ buf[NS_BUF_SIZE]='\0';
for(p = buf + 5; *p; p++) {
*p = toupper(*p);
if (*p < 'A' || *p > 'Z') {
*p = '_';
}
}
- buf[NS_BUF_SIZE]='\0';
php_register_variable(buf, entry->param->value,
track_vars_array TSRMLS_CC);
}
entry=entry->next;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
