iliaa Mon Feb 26 02:12:36 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/standard head.c
Log:
Revert previous commit that caused a buffer overflow (Bug #40634)
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.6&r2=1.84.2.1.2.7&diff_format=u
Index: php-src/ext/standard/head.c
diff -u php-src/ext/standard/head.c:1.84.2.1.2.6
php-src/ext/standard/head.c:1.84.2.1.2.7
--- php-src/ext/standard/head.c:1.84.2.1.2.6 Sat Feb 24 02:17:27 2007
+++ php-src/ext/standard/head.c Mon Feb 26 02:12:36 2007
@@ -15,7 +15,7 @@
| Author: Rasmus Lerdorf <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: head.c,v 1.84.2.1.2.6 2007/02/24 02:17:27 helly Exp $ */
+/* $Id: head.c,v 1.84.2.1.2.7 2007/02/26 02:12:36 iliaa Exp $ */
#include <stdio.h>
#include "php.h"
@@ -94,6 +94,9 @@
if (domain) {
len += domain_len;
}
+
+ cookie = emalloc(len + 100);
+
if (value && value_len == 0) {
/*
* MSIE doesn't delete a cookie when you set it to a null value
@@ -102,10 +105,10 @@
*/
time_t t = time(NULL) - 31536001;
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s
T")-1, t, 0 TSRMLS_CC);
- spprintf(&cookie, 0, "Set-Cookie: %s=deleted; expires=%s",
name, dt);
+ snprintf(cookie, len + 100, "Set-Cookie: %s=deleted;
expires=%s", name, dt);
efree(dt);
} else {
- spprintf(&cookie, 0, "Set-Cookie: %s=%s", name, value ?
encoded_value : "");
+ snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ?
encoded_value : "");
if (expires > 0) {
strlcat(cookie, "; expires=", len + 100);
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D,
d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
