[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/php_ini.c trunk/main/php_ini.c

Wed, 19 Jan 2011 06:22:03 -0800 

pajoye                                   Wed, 19 Jan 2011 14:21:46 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=307587

Log:
- path len check and fix buffer overrun

Changed paths:
    U   php/php-src/branches/PHP_5_3/main/php_ini.c
    U   php/php-src/trunk/main/php_ini.c

Modified: php/php-src/branches/PHP_5_3/main/php_ini.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/php_ini.c 2011-01-19 14:07:37 UTC (rev 
307586)
+++ php/php-src/branches/PHP_5_3/main/php_ini.c 2011-01-19 14:21:46 UTC (rev 
307587)
@@ -824,12 +824,15 @@

 #if PHP_WIN32
        char path_bak[MAXPATHLEN];
+#endif

        if (path_len > MAXPATHLEN) {
                return;
        }
+
+#if PHP_WIN32
        memcpy(path_bak, path, path_len);
-       path_bak[path_len] = 0;
+       path_bak[path_len - 1] = 0;
        TRANSLATE_SLASHES_LOWER(path_bak);
        path = path_bak;
 #endif

Modified: php/php-src/trunk/main/php_ini.c
===================================================================
--- php/php-src/trunk/main/php_ini.c    2011-01-19 14:07:37 UTC (rev 307586)
+++ php/php-src/trunk/main/php_ini.c    2011-01-19 14:21:46 UTC (rev 307587)
@@ -820,12 +820,15 @@

 #if PHP_WIN32
        char path_bak[MAXPATHLEN];
+#endif

        if (path_len > MAXPATHLEN) {
                return;
        }
+
+#if PHP_WIN32
        memcpy(path_bak, path, path_len);
-       path_bak[path_len] = 0;
+       path_bak[path_len - 1] = 0;
        TRANSLATE_SLASHES_LOWER(path_bak);
        path = path_bak;
 #endif


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to