pajoye Fri, 30 Apr 2010 08:15:09 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=298794
Log: - Fix #51688, ini per dir crashes when invalid document root are given Bug: http://bugs.php.net/51688 (Assigned) php_cgi_ini_activate_user_config() crashes when given apache-rewritten URL Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c U php/php-src/trunk/sapi/cgi/cgi_main.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-04-30 04:30:52 UTC (rev 298793) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-30 08:15:09 UTC (rev 298794) @@ -35,6 +35,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51688 (ini per dir crashes when invalid document root are given). + (Pierre) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query Modified: php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c =================================================================== --- php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c 2010-04-30 04:30:52 UTC (rev 298793) +++ php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c 2010-04-30 08:15:09 UTC (rev 298794) @@ -735,6 +735,10 @@ if (!IS_ABSOLUTE_PATH(path, path_len)) { real_path = tsrm_realpath(path, NULL TSRMLS_CC); + /* see #51688, looks like we may get invalid path as doc root using cgi with apache */ + if (real_path == NULL) { + return; + } real_path_len = strlen(real_path); path = real_path; path_len = real_path_len; Modified: php/php-src/trunk/sapi/cgi/cgi_main.c =================================================================== --- php/php-src/trunk/sapi/cgi/cgi_main.c 2010-04-30 04:30:52 UTC (rev 298793) +++ php/php-src/trunk/sapi/cgi/cgi_main.c 2010-04-30 08:15:09 UTC (rev 298794) @@ -735,6 +735,9 @@ if (!IS_ABSOLUTE_PATH(path, path_len)) { real_path = tsrm_realpath(path, NULL TSRMLS_CC); + if (real_path == NULL) { + return; + } real_path_len = strlen(real_path); path = real_path; path_len = real_path_len;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php