tony2001 Mon Jun 19 17:49:20 2006 UTC Modified files: /php-src/sapi/cgi cgi_main.c Log: plug leak in CGI SAPI when running scripts with query string in console http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.294&r2=1.295&diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.294 php-src/sapi/cgi/cgi_main.c:1.295 --- php-src/sapi/cgi/cgi_main.c:1.294 Mon Jun 19 11:38:51 2006 +++ php-src/sapi/cgi/cgi_main.c Mon Jun 19 17:49:20 2006 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: cgi_main.c,v 1.294 2006/06/19 11:38:51 tony2001 Exp $ */ +/* $Id: cgi_main.c,v 1.295 2006/06/19 17:49:20 tony2001 Exp $ */ #include "php.h" #include "php_globals.h" @@ -922,6 +922,7 @@ */ int main(int argc, char *argv[]) { + int free_query_string = 0; int exit_status = SUCCESS; int cgi = 0, c, i, len; zend_file_handle file_handle; @@ -1443,7 +1444,7 @@ len += strlen(argv[i]) + 1; } - s = malloc(len + 1); /* leak - but only for command line version, so ok */ + s = malloc(len + 1); *s = '\0'; /* we are pretending it came from the environment */ for (i = php_optind, len = 0; i < argc; i++) { strcat(s, argv[i]); @@ -1452,6 +1453,7 @@ } } SG(request_info).query_string = s; + free_query_string = 1; } } /* end !cgi && !fastcgi */ @@ -1601,6 +1603,10 @@ free(SG(request_info).path_translated); SG(request_info).path_translated = NULL; } + if (free_query_string && SG(request_info).query_string) { + free(SG(request_info).query_string); + SG(request_info).query_string = NULL; + } } if (!fastcgi) break;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php