[PHP-CVS] cvs: php-src /ext/standard head.c

Mon, 16 Apr 2007 05:49:18 -0700 

tony2001                Mon Apr 16 12:49:07 2007 UTC

  Modified files:              
    /php-src/ext/standard       head.c 
  Log:
  MFB use strlcat()
  fix buffer overrun & bug #41101
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.95&r2=1.96&diff_format=u
Index: php-src/ext/standard/head.c
diff -u php-src/ext/standard/head.c:1.95 php-src/ext/standard/head.c:1.96
--- php-src/ext/standard/head.c:1.95    Sat Feb 24 16:25:55 2007
+++ php-src/ext/standard/head.c Mon Apr 16 12:49:07 2007
@@ -15,7 +15,7 @@
    | Author: Rasmus Lerdorf <[EMAIL PROTECTED]>                        |
    +----------------------------------------------------------------------+
  */
-/* $Id: head.c,v 1.95 2007/02/24 16:25:55 helly Exp $ */
+/* $Id: head.c,v 1.96 2007/04/16 12:49:07 tony2001 Exp $ */
 
 #include <stdio.h>
 #include "php.h"
@@ -94,6 +94,9 @@
        if (domain) {
                len += domain_len;
        }
+
+       cookie = emalloc(len + 100);
+
        if (value && value_len == 0) {
                /* 
                 * MSIE doesn't delete a cookie when you set it to a null value
@@ -102,14 +105,14 @@
                 */
                time_t t = time(NULL) - 31536001;
                dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s 
T")-1, t, 0 TSRMLS_CC);
-               spprintf(&cookie, 0, "Set-Cookie: %s=deleted; expires=%s", 
name, dt);
+               snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; 
expires=%s", name, dt);
                efree(dt);
        } else {
-               spprintf(&cookie, 0, "Set-Cookie: %s=%s", name, value ? 
encoded_value : "");
+               snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? 
encoded_value : "");
                if (expires > 0) {
-                       strcat(cookie, "; expires=");
+                       strlcat(cookie, "; expires=", len + 100);
                        dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, 
d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
-                       strcat(cookie, dt);
+                       strlcat(cookie, dt, len + 100);
                        efree(dt);
                }
        }
@@ -119,18 +122,18 @@
        }
 
        if (path && path_len > 0) {
-               strcat(cookie, "; path=");
-               strcat(cookie, path);
+               strlcat(cookie, "; path=", len + 100);
+               strlcat(cookie, path, len + 100);
        }
        if (domain && domain_len > 0) {
-               strcat(cookie, "; domain=");
-               strcat(cookie, domain);
+               strlcat(cookie, "; domain=", len + 100);
+               strlcat(cookie, domain, len + 100);
        }
        if (secure) {
-               strcat(cookie, "; secure");
+               strlcat(cookie, "; secure", len + 100);
        }
        if (httponly) {
-               strcat(cookie, "; httponly");
+               strlcat(cookie, "; httponly", len + 100);
        }
 
        ctr.line = cookie;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to