tony2001 Wed Feb 15 11:16:30 2006 UTC
Modified files:
/php-src/sapi/isapi php5isapi.c
Log:
MF51: fix memory leak and possible invalid reads
http://cvs.php.net/viewcvs.cgi/php-src/sapi/isapi/php5isapi.c?r1=1.9&r2=1.10&diff_format=u
Index: php-src/sapi/isapi/php5isapi.c
diff -u php-src/sapi/isapi/php5isapi.c:1.9 php-src/sapi/isapi/php5isapi.c:1.10
--- php-src/sapi/isapi/php5isapi.c:1.9 Sun Jan 1 13:09:58 2006
+++ php-src/sapi/isapi/php5isapi.c Wed Feb 15 11:16:30 2006
@@ -16,7 +16,7 @@
| Ben Mansell <[EMAIL PROTECTED]> (Zeus Support)
|
+----------------------------------------------------------------------+
*/
-/* $Id: php5isapi.c,v 1.9 2006/01/01 13:09:58 sniper Exp $ */
+/* $Id: php5isapi.c,v 1.10 2006/02/15 11:16:30 tony2001 Exp $ */
#include "php.h"
#include <httpext.h>
@@ -279,14 +279,18 @@
break;
default: {
const char *sline = SG(sapi_headers).http_status_line;
-
- status_buf = emalloc(MAX_STATUS_LENGTH + 1);
+ int sline_len;
/* httpd requires that r->status_line is set to the
first digit of
* the status-code: */
- if (sline && strlen(sline) > 12 && strncmp(sline,
"HTTP/1.", 7) == 0 && sline[8] == ' ') {
- status_buf = estrndup(sline + 9,
MAX_STATUS_LENGTH);
+ if (sline && ((sline_len = strlen(sline)) > 12) &&
strncmp(sline, "HTTP/1.", 7) == 0 && sline[8] == ' ') {
+ if ((sline_len - 9) > MAX_STATUS_LENGTH) {
+ status_buf = estrndup(sline + 9,
MAX_STATUS_LENGTH);
+ } else {
+ status_buf = estrndup(sline + 9,
sline_len - 9);
+ }
} else {
+ status_buf = emalloc(MAX_STATUS_LENGTH + 1);
snprintf(status_buf, MAX_STATUS_LENGTH, "%d
Undescribed", SG(sapi_headers).http_response_code);
}
header_info.pszStatus = status_buf;
@@ -302,9 +306,9 @@
lpECB->ServerSupportFunction(lpECB->ConnID,
HSE_REQ_SEND_RESPONSE_HEADER_EX, &header_info, NULL, NULL);
efree(combined_headers);
- if (status_buf) {
+ if (status_buf) {
efree(status_buf);
- }
+ }
return SAPI_HEADER_SENT_SUCCESSFULLY;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
