dmitry Thu Feb 15 12:04:59 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src NEWS
/php-src/sapi/cgi fastcgi.c
Log:
Fixed Bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.539&r2=1.2027.2.547.2.540&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.539 php-src/NEWS:1.2027.2.547.2.540
--- php-src/NEWS:1.2027.2.547.2.539 Thu Feb 15 10:38:28 2007
+++ php-src/NEWS Thu Feb 15 12:04:59 2007
@@ -14,6 +14,7 @@
node). (Tony)
- Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)
- Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)
+- Fixed Bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry)
- Fixed bug #40236 (php -a function allocation eats memory). (Dmitry)
- Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony)
- Fixed bug #39836 (SplObjectStorage empty after unserialize). (Marcus)
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.14&r2=1.4.2.13.2.15&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.14
php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.15
--- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.14 Mon Jan 1 09:36:12 2007
+++ php-src/sapi/cgi/fastcgi.c Thu Feb 15 12:04:59 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: fastcgi.c,v 1.4.2.13.2.14 2007/01/01 09:36:12 sebastian Exp $ */
+/* $Id: fastcgi.c,v 1.4.2.13.2.15 2007/02/15 12:04:59 dmitry Exp $ */
#include "php.h"
#include "fastcgi.h"
@@ -153,6 +153,8 @@
#else
+static in_addr_t *allowed_clients = NULL;
+
static void fcgi_signal_handler(int signo)
{
if (signo == SIGUSR1 || signo == SIGTERM) {
@@ -317,6 +319,38 @@
if (!tcp) {
chmod(path, 0777);
+ } else {
+ char *ip = getenv("FCGI_WEB_SERVER_ADDRS");
+ char *cur, *end;
+ int n;
+
+ if (ip) {
+ ip = strdup(ip);
+ cur = ip;
+ n = 0;
+ while (*cur) {
+ if (*cur == ',') n++;
+ cur++;
+ }
+ allowed_clients = malloc(sizeof(in_addr_t) * (n+2));
+ n = 0;
+ cur = ip;
+ while (cur) {
+ end = strchr(cur, ',');
+ if (end) {
+ *end = 0;
+ end++;
+ }
+ allowed_clients[n] = inet_addr(cur);
+ if (allowed_clients[n] == INADDR_NONE) {
+ fprintf(stderr, "Wrong IP address '%s'
in FCGI_WEB_SERVER_ADDRS\n", cur);
+ }
+ n++;
+ cur = end;
+ }
+ allowed_clients[n] = INADDR_NONE;
+ free(ip);
+ }
}
if (!is_initialized) {
@@ -689,6 +723,24 @@
FCGI_LOCK(req->listen_socket);
req->fd = accept(req->listen_socket,
(struct sockaddr *)&sa, &len);
FCGI_UNLOCK(req->listen_socket);
+ if (req->fd >= 0 && allowed_clients) {
+ int n = 0;
+ int allowed = 0;
+
+ while (allowed_clients[n] !=
INADDR_NONE) {
+ if (allowed_clients[n] ==
sa.sa_inet.sin_addr.s_addr) {
+ allowed = 1;
+ break;
+ }
+ n++;
+ }
+ if (!allowed) {
+ fprintf(stderr,
"Connection from disallowed IP address '%s' is dropped.\n",
inet_ntoa(sa.sa_inet.sin_addr));
+ close(req->fd);
+ req->fd = -1;
+ continue;
+ }
+ }
}
#endif
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
