[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/cgi/cgi_main.c trunk/sapi/cgi/cgi_main.c

Fri, 30 Apr 2010 01:15:29 -0700 

pajoye                                   Fri, 30 Apr 2010 08:15:09 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=298794

Log:
- Fix #51688, ini per dir crashes when invalid document root  are given

Bug: http://bugs.php.net/51688 (Assigned) php_cgi_ini_activate_user_config() 
crashes when given apache-rewritten URL
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c
    U   php/php-src/trunk/sapi/cgi/cgi_main.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-04-30 04:30:52 UTC (rev 298793)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-04-30 08:15:09 UTC (rev 298794)
@@ -35,6 +35,8 @@
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)

+- Fixed bug #51688 (ini per dir crashes when invalid document root  are given).
+  (Pierre)
 - Fixed bug #51671 (imagefill does not work correctly for small images).
   (Pierre)
 - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query

Modified: php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c
===================================================================
--- php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c    2010-04-30 04:30:52 UTC 
(rev 298793)
+++ php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c    2010-04-30 08:15:09 UTC 
(rev 298794)
@@ -735,6 +735,10 @@

                if (!IS_ABSOLUTE_PATH(path, path_len)) {
                        real_path = tsrm_realpath(path, NULL TSRMLS_CC);
+                       /* see #51688, looks like we may get invalid path as 
doc root using cgi with apache */
+                       if (real_path == NULL) {
+                               return;
+                       }
                        real_path_len = strlen(real_path);
                        path = real_path;
                        path_len = real_path_len;

Modified: php/php-src/trunk/sapi/cgi/cgi_main.c
===================================================================
--- php/php-src/trunk/sapi/cgi/cgi_main.c       2010-04-30 04:30:52 UTC (rev 
298793)
+++ php/php-src/trunk/sapi/cgi/cgi_main.c       2010-04-30 08:15:09 UTC (rev 
298794)
@@ -735,6 +735,9 @@

                if (!IS_ABSOLUTE_PATH(path, path_len)) {
                        real_path = tsrm_realpath(path, NULL TSRMLS_CC);
+                       if (real_path == NULL) {
+                               return;
+                       }
                        real_path_len = strlen(real_path);
                        path = real_path;
                        path_len = real_path_len;


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to