NEWS entry?
On 5/22/06, Dmitry Stogov <[EMAIL PROTECTED]> wrote:
dmitry Mon May 22 09:22:20 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/sapi/cgi fastcgi.c
Log:
Fixed bug #37496 (FastCGI output buffer overrun)
http://cvs.php.net/viewcvs.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.3&r2=1.4.2.13.2.4&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.3
php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.4
--- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.3 Mon May 22 06:49:48 2006
+++ php-src/sapi/cgi/fastcgi.c Mon May 22 09:22:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: fastcgi.c,v 1.4.2.13.2.3 2006/05/22 06:49:48 tony2001 Exp $ */
+/* $Id: fastcgi.c,v 1.4.2.13.2.4 2006/05/22 09:22:20 dmitry Exp $ */
#include "php.h"
#include "fastcgi.h"
@@ -764,15 +764,17 @@
if (req->out_hdr && req->out_hdr->type != type) {
close_packet(req);
}
- rest = len;
#if 0
- /* Unoptinmzed, but clear version */
+ /* Unoptimized, but clear version */
+ rest = len;
while (rest > 0) {
limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
if (!req->out_hdr) {
if (limit < sizeof(fcgi_header)) {
- fcgi_flush(req, 0);
+ if (!fcgi_flush(req, 0)) {
+ return -1;
+ }
}
open_packet(req, type);
}
@@ -786,32 +788,38 @@
req->out_pos += limit;
rest -= limit;
str += limit;
- fcgi_flush(req, 0);
+ if (!fcgi_flush(req, 0)) {
+ return -1;
+ }
}
}
#else
- /* Optinmzed version */
+ /* Optimized version */
+ limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
if (!req->out_hdr) {
- rest += sizeof(fcgi_header);
+ limit -= sizeof(fcgi_header);
}
- limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
- if (rest < limit) {
+ if (len < limit) {
if (!req->out_hdr) {
open_packet(req, type);
}
memcpy(req->out_pos, str, len);
req->out_pos += len;
- } else if (rest - limit < sizeof(req->out_buf) - sizeof(fcgi_header)) {
+ } else if (len - limit < sizeof(req->out_buf) - sizeof(fcgi_header)) {
if (!req->out_hdr) {
open_packet(req, type);
}
memcpy(req->out_pos, str, limit);
req->out_pos += limit;
- fcgi_flush(req, 0);
- open_packet(req, type);
- memcpy(req->out_pos, str + limit, len - limit);
- req->out_pos += len - limit;
+ if (!fcgi_flush(req, 0)) {
+ return -1;
+ }
+ if (len > limit) {
+ open_packet(req, type);
+ memcpy(req->out_pos, str + limit, len - limit);
+ req->out_pos += len - limit;
+ }
} else {
int pos = 0;
int pad;
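Review bot: In the optimized branch, `limit -= sizeof(fcgi_header);` has no guard for the case where fewer bytes than one header remain in `out_buf` and no packet is open. If `limit` is a signed int (its declaration is outside this hunk) it goes negative, `len < limit` is false, and the `else if` arm can then reach `memcpy(req->out_pos, str, limit)` with a negative length converted to a very large `size_t`; if it is unsigned it wraps instead. The disabled "clear version" avoids this by flushing when `limit < sizeof(fcgi_header)` before calling `open_packet`. The optimized path should do the equivalent, or at least clamp with `if (limit < 0) limit = 0;` and skip the first `memcpy` when `limit` is zero. The function starts and ends outside the hunk.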
@@ -821,7 +829,9 @@
open_packet(req, type);
fcgi_make_header(req->out_hdr, type, req->id, 0xfff8);
req->out_hdr = NULL;
- fcgi_flush(req, 0);
+ if (!fcgi_flush(req, 0)) {
+ return -1;
+ }
if (safe_write(req, str + pos, 0xfff8) != 0xfff8) {
req->keep = 0;
return -1;
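Review bot: The new `return -1;` after a failed `fcgi_flush(req, 0)` leaves `req->keep` untouched, while the `safe_write` failure directly below it sets `req->keep = 0` before returning. Unless `fcgi_flush` already clears `keep` on failure (its body is not in this diff), the connection could be kept for reuse after a write error. Either add `req->keep = 0;` before the return, or document the reliance with a comment such as `/* fcgi_flush() clears req->keep on failure */`. The same applies to the flush check in the following hunk (`@@ -835,7 +845,9 @@`) and to the ones added earlier in the function.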
@@ -835,7 +845,9 @@
open_packet(req, type);
fcgi_make_header(req->out_hdr, type, req->id, (len - pos) -
rest);
req->out_hdr = NULL;
- fcgi_flush(req, 0);
+ if (!fcgi_flush(req, 0)) {
+ return -1;
+ }
if (safe_write(req, str + pos, (len - pos) - rest) != (len -
pos) - rest) {
req->keep = 0;
return -1;