Jes,
Could you post your patch to php-dev?
PS: We should have a patch submission guide.
--
Yasuo Ohgaki
[EMAIL PROTECTED] wrote:
> ID: 15772
> Updated by: [EMAIL PROTECTED]
> Reported By: [EMAIL PROTECTED]
> Status: Closed
> Bug Type: *General Issues
> Operating System: all
> PHP Version: 4.0.6
> New Comment:
>
> I have had a long look at rfc1867.c v 1.71.2.2 2002/02/21
> from a download of php4.1.2 today (1 Mar 10:00 CET). There are a large
> number of dubious cases of handling of the buffer being processed. The
> following diffs address most of these (I believe). I am posting the
> patches to the php-dev list, since it's difficult if not impossible to
> create a properly formatted diff in this edit window.
>
>
> Previous Comments:
> ------------------------------------------------------------------------
>
> [2002-02-28 17:50:58] [EMAIL PROTECTED]
>
> How about this patch:
>
> --- main/rfc1867.c.orig Thu Feb 28 14:08:25 2002
> +++ main/rfc1867.c Thu Feb 28 14:33:03 2002
> @@ -163,20 +163,28 @@
> SAFE_RETURN;
> }
> /* some other headerfield
> found, skip it */
> - loc = (char *) memchr(ptr,
> '\n', rem)+1;
> + loc = (char *) memchr(ptr,
> '\n', rem);
> if (!loc) {
> /* broken */
> php_error(E_WARNING,
> "File Upload Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1),
> *(ptr + 2), *(ptr
> + 3), *(ptr + 4));
> SAFE_RETURN;
> }
> + else
> + {
> + loc++;
> + }
> while (*loc == ' ' || *loc ==
> '\t') {
> /* other field is
> folded, skip it */
> - loc = (char *)
> memchr(loc, '\n', rem-(loc-ptr))+1;
> + loc = (char *)
> memchr(loc, '\n', rem-(loc-ptr));
> if (!loc) {
> /* broken */
>
> php_error(E_WARNING, "File Upload Mime headers garbled ptr:
> [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr +
> 2), *(ptr + 3), *(ptr + 4));
> SAFE_RETURN;
> }
> + else
> + {
> + loc++;
> + }
> }
> rem -= (loc - ptr);
> ptr = loc;
> @@ -232,6 +240,10 @@
> * pre 4.0.6 code here
> */
> loc2 = memchr(loc + 1, '\n',
> rem);
> + if (!loc2) {
> + php_error(E_WARNING,
> "File Upload Mime headers - no newline");
> + SAFE_RETURN;
> + }
> rem -= (loc2 - ptr) + 1;
> ptr = loc2 + 1;
> /* is_arr_upload is true when
> name of file upload field
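Review bot: The length passed in `loc2 = memchr(loc + 1, '\n', rem);` is still rem even though the search starts at loc + 1, while the following `rem -= (loc2 - ptr) + 1;` treats rem as counted from ptr; if loc is past ptr, the search can run beyond the end of the buffer and the new `if (!loc2)` check will not catch that. Suggest passing rem - (loc + 1 - ptr), in line with the rem-(loc-ptr) form used in the first hunk, and rejecting the input if that value is not positive. The new warning text could also follow the wording of the existing "Mime headers garbled" messages so that all three failures are easy to search for in logs.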
--
PHP Development Mailing List <http://www.php.net/>