laruence Thu, 03 Nov 2011 07:26:09 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=318718
Log:
Fixed bug #60206 (possible integer overflow in content_length)
Bug: https://bugs.php.net/60206 (error getting bug information)
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/sapi/apache/mod_php5.c
U php/php-src/branches/PHP_5_3/sapi/apache2filter/sapi_apache2.c
U php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c
U php/php-src/branches/PHP_5_3/sapi/apache_hooks/mod_php5.c
U php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c
U php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/apache/mod_php5.c
U php/php-src/branches/PHP_5_4/sapi/apache2filter/sapi_apache2.c
U php/php-src/branches/PHP_5_4/sapi/apache2handler/sapi_apache2.c
U php/php-src/branches/PHP_5_4/sapi/apache_hooks/mod_php5.c
U php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
U php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_main.c
U php/php-src/trunk/sapi/apache/mod_php5.c
U php/php-src/trunk/sapi/apache2filter/sapi_apache2.c
U php/php-src/trunk/sapi/apache2handler/sapi_apache2.c
U php/php-src/trunk/sapi/apache_hooks/mod_php5.c
U php/php-src/trunk/sapi/cgi/cgi_main.c
U php/php-src/trunk/sapi/fpm/fpm/fpm_main.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-11-03 07:26:09 UTC (rev 318718)
@@ -137,7 +137,10 @@
- FTP:
. Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus)
+- SAPI:
+ . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
+
23 Aug 2011, PHP 5.3.8
- Core:
Modified: php/php-src/branches/PHP_5_3/sapi/apache/mod_php5.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/apache/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/apache/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -533,7 +533,7 @@
SG(request_info).request_uri = r->uri;
SG(request_info).request_method = (char *)r->method;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
SG(request_info).proto_num = r->proto_num;
Modified: php/php-src/branches/PHP_5_3/sapi/apache2filter/sapi_apache2.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/apache2filter/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/apache2filter/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -420,7 +420,7 @@
efree(content_type);
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(f->r->headers_out, "Content-Length");
apr_table_unset(f->r->headers_out, "Last-Modified");
Modified: php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -484,7 +484,7 @@
r->no_local_copy = 1;
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(r->headers_out, "Content-Length");
apr_table_unset(r->headers_out, "Last-Modified");
Modified: php/php-src/branches/PHP_5_3/sapi/apache_hooks/mod_php5.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/apache_hooks/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/apache_hooks/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -587,7 +587,7 @@
SG(request_info).request_method = (char *)r->method;
SG(request_info).proto_num = r->proto_num;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
if (r->headers_in) {
Modified: php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1353,7 +1353,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION")-1 TSRMLS_CC);
Modified: php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1332,7 +1332,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC);
Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-11-03 07:26:09 UTC (rev 318718)
@@ -31,6 +31,9 @@
. Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
argument via Reflection). (Peter)
+- SAPI:
+ . Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
+
20 Oct 2011, PHP 5.4.0 beta2
- General improvements:
. Improve the warning message of incompatible arguments. (Laruence)
Modified: php/php-src/branches/PHP_5_4/sapi/apache/mod_php5.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/apache/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/apache/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -529,7 +529,7 @@
SG(request_info).request_uri = r->uri;
SG(request_info).request_method = (char *)r->method;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
SG(request_info).proto_num = r->proto_num;
Modified: php/php-src/branches/PHP_5_4/sapi/apache2filter/sapi_apache2.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/apache2filter/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/apache2filter/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -419,7 +419,7 @@
efree(content_type);
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(f->r->headers_out, "Content-Length");
apr_table_unset(f->r->headers_out, "Last-Modified");
Modified: php/php-src/branches/PHP_5_4/sapi/apache2handler/sapi_apache2.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/apache2handler/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/apache2handler/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -483,7 +483,7 @@
r->no_local_copy = 1;
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(r->headers_out, "Content-Length");
apr_table_unset(r->headers_out, "Last-Modified");
Modified: php/php-src/branches/PHP_5_4/sapi/apache_hooks/mod_php5.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/apache_hooks/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/apache_hooks/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -582,7 +582,7 @@
SG(request_info).request_method = (char *)r->method;
SG(request_info).proto_num = r->proto_num;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
if (r->headers_in) {
Modified: php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1413,7 +1413,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = CGI_GETENV("QUERY_STRING");
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = CGI_GETENV("HTTP_AUTHORIZATION");
Modified: php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_main.c
===================================================================
--- php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1325,7 +1325,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC);
Modified: php/php-src/trunk/sapi/apache/mod_php5.c
===================================================================
--- php/php-src/trunk/sapi/apache/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/apache/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -529,7 +529,7 @@
SG(request_info).request_uri = r->uri;
SG(request_info).request_method = (char *)r->method;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
SG(request_info).proto_num = r->proto_num;
Modified: php/php-src/trunk/sapi/apache2filter/sapi_apache2.c
===================================================================
--- php/php-src/trunk/sapi/apache2filter/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/apache2filter/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -419,7 +419,7 @@
efree(content_type);
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(f->r->headers_out, "Content-Length");
apr_table_unset(f->r->headers_out, "Last-Modified");
Modified: php/php-src/trunk/sapi/apache2handler/sapi_apache2.c
===================================================================
--- php/php-src/trunk/sapi/apache2handler/sapi_apache2.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/apache2handler/sapi_apache2.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -483,7 +483,7 @@
r->no_local_copy = 1;
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(r->headers_out, "Content-Length");
apr_table_unset(r->headers_out, "Last-Modified");
Modified: php/php-src/trunk/sapi/apache_hooks/mod_php5.c
===================================================================
--- php/php-src/trunk/sapi/apache_hooks/mod_php5.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/apache_hooks/mod_php5.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -582,7 +582,7 @@
SG(request_info).request_method = (char *)r->method;
SG(request_info).proto_num = r->proto_num;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
if (r->headers_in) {
Modified: php/php-src/trunk/sapi/cgi/cgi_main.c
===================================================================
--- php/php-src/trunk/sapi/cgi/cgi_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/cgi/cgi_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1412,7 +1412,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = CGI_GETENV("QUERY_STRING");
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = CGI_GETENV("HTTP_AUTHORIZATION");
Modified: php/php-src/trunk/sapi/fpm/fpm/fpm_main.c
===================================================================
--- php/php-src/trunk/sapi/fpm/fpm/fpm_main.c 2011-11-03 05:16:47 UTC (rev 318717)
+++ php/php-src/trunk/sapi/fpm/fpm/fpm_main.c 2011-11-03 07:26:09 UTC (rev 318718)
@@ -1325,7 +1325,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
