[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /sapi/cgi fastcgi.c

Thu, 03 Apr 2008 03:25:00 -0700 

dmitry          Thu Apr  3 10:24:44 2008 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
    /php-src/sapi/cgi   fastcgi.c 
  Log:
  - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin)
  - Fixed sending of uninitialized paddings which may contain some information.
    (Andrey Nigmatulin)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1128&r2=1.2027.2.547.2.1129&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1128 php-src/NEWS:1.2027.2.547.2.1129
--- php-src/NEWS:1.2027.2.547.2.1128    Wed Apr  2 16:31:50 2008
+++ php-src/NEWS        Thu Apr  3 10:24:43 2008
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2008, PHP 5.2.6
+- Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin)
+- Fixed sending of uninitialized paddings which may contain some information.
+  (Andrey Nigmatulin)
 - Fixed bug #44613 (Crash inside imap_headerinfo()). (Ilia, jmessa)
 - Fixed bug #44594 (imap_open() does not validate # of retries parameter).
   (Ilia)
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.29&r2=1.4.2.13.2.30&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.29 
php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.30
--- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.29    Mon Dec 31 07:20:16 2007
+++ php-src/sapi/cgi/fastcgi.c  Thu Apr  3 10:24:44 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: fastcgi.c,v 1.4.2.13.2.29 2007/12/31 07:20:16 sebastian Exp $ */
+/* $Id: fastcgi.c,v 1.4.2.13.2.30 2008/04/03 10:24:44 dmitry Exp $ */
 
 #include "php.h"
 #include "fastcgi.h"
@@ -593,6 +593,9 @@
        hdr->reserved = 0;
        hdr->type = type;
        hdr->version = FCGI_VERSION_1;
+       if (pad) {
+               memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, 
pad);
+       }
        return pad;
 }
 
@@ -777,7 +780,7 @@
 {
        int ret, n, rest;
        fcgi_header hdr;
-       unsigned char buf[8];
+       unsigned char buf[255];
 
        n = 0;
        rest = len;



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to