dmitry Thu Feb 15 12:04:59 2007 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/sapi/cgi fastcgi.c Log: Fixed Bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.539&r2=1.2027.2.547.2.540&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.539 php-src/NEWS:1.2027.2.547.2.540 --- php-src/NEWS:1.2027.2.547.2.539 Thu Feb 15 10:38:28 2007 +++ php-src/NEWS Thu Feb 15 12:04:59 2007 @@ -14,6 +14,7 @@ node). (Tony) - Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre) - Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony) +- Fixed Bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry) - Fixed bug #40236 (php -a function allocation eats memory). (Dmitry) - Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony) - Fixed bug #39836 (SplObjectStorage empty after unserialize). (Marcus) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.14&r2=1.4.2.13.2.15&diff_format=u Index: php-src/sapi/cgi/fastcgi.c diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.14 php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.15 --- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.14 Mon Jan 1 09:36:12 2007 +++ php-src/sapi/cgi/fastcgi.c Thu Feb 15 12:04:59 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.c,v 1.4.2.13.2.14 2007/01/01 09:36:12 sebastian Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.13.2.15 2007/02/15 12:04:59 dmitry Exp $ */ #include "php.h" #include "fastcgi.h" @@ -153,6 +153,8 @@ #else +static in_addr_t *allowed_clients = NULL; + static void fcgi_signal_handler(int signo) { if (signo == SIGUSR1 || signo == SIGTERM) { @@ -317,6 +319,38 @@ if (!tcp) { chmod(path, 0777); + } else { + char *ip = getenv("FCGI_WEB_SERVER_ADDRS"); + char *cur, *end; + int n; + + if (ip) { + ip = strdup(ip); + cur = ip; + n = 0; + while (*cur) { + if (*cur == ',') n++; + cur++; + } + allowed_clients = malloc(sizeof(in_addr_t) * (n+2)); + n = 0; + cur = ip; + while (cur) { + end = strchr(cur, ','); + if (end) { + *end = 0; + end++; + } + allowed_clients[n] = inet_addr(cur); + if (allowed_clients[n] == INADDR_NONE) { + fprintf(stderr, "Wrong IP address '%s' in FCGI_WEB_SERVER_ADDRS\n", cur); + } + n++; + cur = end; + } + allowed_clients[n] = INADDR_NONE; + free(ip); + } } if (!is_initialized) { @@ -689,6 +723,24 @@ FCGI_LOCK(req->listen_socket); req->fd = accept(req->listen_socket, (struct sockaddr *)&sa, &len); FCGI_UNLOCK(req->listen_socket); + if (req->fd >= 0 && allowed_clients) { + int n = 0; + int allowed = 0; + + while (allowed_clients[n] != INADDR_NONE) { + if (allowed_clients[n] == sa.sa_inet.sin_addr.s_addr) { + allowed = 1; + break; + } + n++; + } + if (!allowed) { + fprintf(stderr, "Connection from disallowed IP address '%s' is dropped.\n", inet_ntoa(sa.sa_inet.sin_addr)); + close(req->fd); + req->fd = -1; + continue; + } + } } #endif
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php