Jes, Could you post your patch to php-dev?
PS: We should have a patch submission guide.

--
Yasuo Ohgaki

[EMAIL PROTECTED] wrote:
> ID: 15772
> Updated by: [EMAIL PROTECTED]
> Reported By: [EMAIL PROTECTED]
> Status: Closed
> Bug Type: *General Issues
> Operating System: all
> PHP Version: 4.0.6
> New Comment:
>
> I have had a long look at rfc1867.c v 1.71.2.2 2002/02/21
> from a download of php4.1.2 today (1 Mar 10:00 CET). There are a large
> number of dubious cases of handling of the buffer being processed. The
> following diffs address most of these (I believe). I am posting the
> patches to the php-dev list, since it's difficult if not impossible to
> create a properly formatted diff in this edit window.
>
>
> Previous Comments:
> ------------------------------------------------------------------------
>
> [2002-02-28 17:50:58] [EMAIL PROTECTED]
>
> How about this patch:
>
> --- main/rfc1867.c.orig Thu Feb 28 14:08:25 2002 > +++ main/rfc1867.c Thu Feb 28 14:33:03 2002 > @@ -163,20 +163,28 @@ > SAFE_RETURN; > } > /* some other headerfield > found, skip it */ > - loc = (char *) memchr(ptr, > '\n', rem)+1; > + loc = (char *) memchr(ptr, > '\n', rem); > if (!loc) { > /* broken */ > php_error(E_WARNING, > "File Upload Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), > *(ptr + 2), *(ptr > + 3), *(ptr + 4)); > SAFE_RETURN; > } > + else > + { > + loc++; > + } > while (*loc == ' ' || *loc == > '\t') { > /* other field is > folded, skip it */ > - loc = (char *) > memchr(loc, '\n', rem-(loc-ptr))+1; > + loc = (char *) > memchr(loc, '\n', rem-(loc-ptr)); > if (!loc) { > /* broken */ > > php_error(E_WARNING, "File Upload Mime headers garbled ptr: > [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + > 2), *(ptr + 3), *(ptr + 4)); > SAFE_RETURN; > } > + else > + { > + loc++; > + } > } > rem -= (loc - ptr); > ptr = loc;
> @@ -232,6 +240,10 @@ > * pre 4.0.6 code here > */ > loc2 = memchr(loc + 1, '\n', > rem); > + if (!loc2) { > + php_error(E_WARNING, > "File Upload Mime headers - no newline"); > + SAFE_RETURN; > + } > rem -= (loc2 - ptr) + 1; > ptr = loc2 + 1; > /* is_arr_upload is true when > name of file upload field -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
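
Review bot: In the first hunk (@@ -163,20 +163,28 @@), the loop condition while (*loc == ' ' || *loc == '\t') still reads *loc after the new loc++ without checking that loc is inside the rem bytes counted from ptr. When the newline memchr finds is the last of those bytes, loc ends up at ptr + rem and the test reads one byte past the searched range, unless the buffer is guaranteed to carry a terminator there, which these lines do not show. Suggest bounding the loop, e.g. while ((loc - ptr) < rem && (*loc == ' ' || *loc == '\t')). The same concern applies to both php_error calls, which print *ptr through *(ptr + 4) even when rem may be smaller than 5. Style: since the if (!loc) branch returns via SAFE_RETURN, the else { loc++; } wrapper is not needed, and a plain loc++; after the check would match the surrounding brace style.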
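
Review bot: In the second hunk (@@ -232,6 +240,10 @@), the call guarded by the new check, loc2 = memchr(loc + 1, '\n', rem), still passes rem as its length although the search starts at loc + 1 rather than at ptr. The following rem -= (loc2 - ptr) + 1 shows that rem is counted from ptr, so the search can run up to (loc + 1 - ptr) bytes past the end of the remaining data before the NULL check has any effect. Suggest passing rem - (loc + 1 - ptr), in line with the rem-(loc-ptr) form used in the first hunk, and confirming that value is positive before the call. The new warning text "no newline" also differs from the "garbled ptr" messages used for the same failure elsewhere in the file, so a consistent message would make the log easier to search.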