dmitry Thu Apr 3 10:24:44 2008 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/sapi/cgi fastcgi.c Log: - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin) - Fixed sending of uninitialized paddings which may contain some information. (Andrey Nigmatulin) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1128&r2=1.2027.2.547.2.1129&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1128 php-src/NEWS:1.2027.2.547.2.1129 --- php-src/NEWS:1.2027.2.547.2.1128 Wed Apr 2 16:31:50 2008 +++ php-src/NEWS Thu Apr 3 10:24:43 2008 @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Apr 2008, PHP 5.2.6 +- Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin) +- Fixed sending of uninitialized paddings which may contain some information. + (Andrey Nigmatulin) - Fixed bug #44613 (Crash inside imap_headerinfo()). (Ilia, jmessa) - Fixed bug #44594 (imap_open() does not validate # of retries parameter). (Ilia) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.29&r2=1.4.2.13.2.30&diff_format=u Index: php-src/sapi/cgi/fastcgi.c diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.29 php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.30 --- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.29 Mon Dec 31 07:20:16 2007 +++ php-src/sapi/cgi/fastcgi.c Thu Apr 3 10:24:44 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.c,v 1.4.2.13.2.29 2007/12/31 07:20:16 sebastian Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.13.2.30 2008/04/03 10:24:44 dmitry Exp $ */ #include "php.h" #include "fastcgi.h" @@ -593,6 +593,9 @@ hdr->reserved = 0; hdr->type = type; hdr->version = FCGI_VERSION_1; + if (pad) { + memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad); + } return pad; } @@ -777,7 +780,7 @@ { int ret, n, rest; fcgi_header hdr; - unsigned char buf[8]; + unsigned char buf[255]; n = 0; rest = len;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php