dmitry Mon Jun 23 11:37:50 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/sapi/cgi cgi_main.c
Log:
Fixed possible buffer overflow
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.18&r2=1.267.2.15.2.50.2.19&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.50.2.18
php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.50.2.19
--- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.50.2.18 Tue Apr 15 11:31:58 2008
+++ php-src/sapi/cgi/cgi_main.c Mon Jun 23 11:37:50 2008
@@ -21,7 +21,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: cgi_main.c,v 1.267.2.15.2.50.2.18 2008/04/15 11:31:58 dmitry Exp $ */
+/* $Id: cgi_main.c,v 1.267.2.15.2.50.2.19 2008/06/23 11:37:50 dmitry Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -723,12 +723,16 @@
(PG(user_ini_filename) && *PG(user_ini_filename))) {
/* Prepare search path */
path_len = strlen(SG(request_info).path_translated);
- path = estrndup(SG(request_info).path_translated, path_len);
- path_len = zend_dirname(path, path_len);
/* Make sure we have trailing slash! */
- if (!IS_SLASH(path[path_len])) {
+ if (!IS_SLASH(SG(request_info).path_translated[path_len])) {
+ path = emalloc(path_len + 2);
+ memcpy(path, SG(request_info).path_translated, path_len
+ 1);
+ path_len = zend_dirname(path, path_len);
path[path_len++] = DEFAULT_SLASH;
+ } else {
+ path = estrndup(SG(request_info).path_translated,
path_len);
+ path_len = zend_dirname(path, path_len);
}
path[path_len] = 0;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
