lbarnaud Sat Sep 6 08:22:25 2008 UTC
Modified files:
/php-src/main rfc1867.c
Log:
Fix mem leak and invalid frees in rfc1867 post handler
http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.193&r2=1.194&diff_format=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.193 php-src/main/rfc1867.c:1.194
--- php-src/main/rfc1867.c:1.193 Fri Mar 14 13:10:22 2008
+++ php-src/main/rfc1867.c Sat Sep 6 08:22:25 2008
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: rfc1867.c,v 1.193 2008/03/14 13:10:22 tony2001 Exp $ */
+/* $Id: rfc1867.c,v 1.194 2008/09/06 08:22:25 lbarnaud Exp $ */
/*
* This product includes software developed by the Apache Group
@@ -1300,13 +1300,13 @@
if (cancel_upload != UPLOAD_ERROR_E) {
/* file creation failed */
unlink(ascii_temp_filename);
}
- efree(ascii_temp_filename);
efree(temp_filename);
}
temp_filename = EMPTY_STR;
} else {
zend_u_hash_add(SG(rfc1867_uploaded_files),
IS_UNICODE, ZSTR(temp_filename), u_strlen(temp_filename) + 1, &temp_filename,
sizeof(UChar *), NULL);
}
+ efree(ascii_temp_filename);
/* is_arr_upload is true when name of file upload field
* ends in [.*]
@@ -1372,7 +1372,7 @@
/* Possible Content-Type: */
if (cancel_upload || !(cd =
php_mime_get_hdr_value(header, "Content-Type"))) {
- ucd = EMPTY_STR;
+ ucd = ecalloc(1, UBYTES(1));
ucd_len = 0;
} else {
ucd = php_ap_to_unicode(cd, strlen(cd),
&ucd_len TSRMLS_CC);
@@ -1470,7 +1470,6 @@
register_u_http_post_files_variable_ex(lbuf,
&file_size, http_post_files, 0 TSRMLS_CC);
}
efree(param);
- efree(filename);
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
