From:             tbrown at baremetal dot com
Operating system: linux
PHP version:      4.3.1
PHP Bug Type:     CGI related
Bug description:  string to putenv() free()'d

the symptom is that with register_globals=on some variables are being
incorrectly initialized.

This seems to be because they are being initialized from the environment
instead of from _POST

The environment is messed up, because the values passed to putenv() are
being free'd and the memory is being recycled... it happens that the
contents of the POST data are being copied into that location... e.g.

username=admin&password=password&LOGIN=+++Login+++

this shows up as an environment variable username, with the value
admin&password=password&LOGIN=+++Login+++

which stomps on the POST value of "admin" ...

the fix seems to be


cvs diff -u sapi/cgi/cgi_main.c
Index: sapi/cgi/cgi_main.c
===================================================================
RCS file: /repository/php4/sapi/cgi/cgi_main.c,v
retrieving revision 1.190.2.9.4.2
diff -u -u -r1.190.2.9.4.2 cgi_main.c
--- sapi/cgi/cgi_main.c 15 Feb 2003 22:56:04 -0000      1.190.2.9.4.2
+++ sapi/cgi/cgi_main.c 20 Feb 2003 23:04:14 -0000
@@ -388,7 +388,7 @@
        /*  if cgi, or fastcgi and not found in fcgi env
                check the regular environment */
        putenv(buf);
-       efree(buf);
+       /* Not safe! and in CGI, not a leak: efree(buf); */
        return 0;
 }
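Review bot: With efree(buf) removed at line 391 of this hunk, every call that reaches putenv(buf) keeps buf allocated for the life of the process, and the context comment says this path also runs for fastcgi when the variable is not found in the fcgi env, while the new comment only speaks for CGI. Suggest deleting the line instead of leaving it commented out, and having the comment state the reason (putenv() keeps the pointer it is given rather than copying the string). For the long-lived fastcgi case, either free the previous string once it has been replaced, or use setenv() where available, since it copies its arguments.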

although I don't know enough about fast-cgi to know if that is a memory
leak or not...
-- 
Edit bug report at http://bugs.php.net/?id=22340&edit=1
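The behaviour described in the report, as an added example that is not part of the original report or of PHP's source: putenv() keeps the caller's pointer, so reusing the buffer rewrites the environment, while setenv() copies. The names DEMO_CGI_VAR and DEMO_CGI_COPY are constructed, and a static buffer that is overwritten stands in for the freed and recycled block so the program stays well-defined.

```c
/* Added illustration, not PHP source. Variable names are constructed. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The POST body quoted in the report. */
static const char POST_BODY[] =
    "username=admin&password=password&LOGIN=+++Login+++";

/* putenv() stores the caller's pointer in environ. Overwriting the buffer
   afterwards (standing in for the allocator recycling a freed block)
   rewrites the environment. Returns 1 if the report's symptom appears. */
int putenv_aliases_buffer(void)
{
    static char buf[128];   /* static: stays valid, so no use-after-free here */
    const char *v;

    unsetenv("username");
    snprintf(buf, sizeof buf, "DEMO_CGI_VAR=/index.php");
    if (putenv(buf) != 0)
        return -1;
    snprintf(buf, sizeof buf, "%s", POST_BODY);   /* block reused for POST data */
    v = getenv("username");
    return getenv("DEMO_CGI_VAR") == NULL && v != NULL &&
           strcmp(v, "admin&password=password&LOGIN=+++Login+++") == 0;
}

/* setenv() copies name and value, so the caller may reuse or free its
   buffer. Returns 1 if the value survives the overwrite. */
int setenv_copies_value(void)
{
    char buf[128];
    const char *v;

    snprintf(buf, sizeof buf, "/index.php");
    if (setenv("DEMO_CGI_COPY", buf, 1) != 0)
        return -1;
    snprintf(buf, sizeof buf, "%s", POST_BODY);
    v = getenv("DEMO_CGI_COPY");
    return v != NULL && strcmp(v, "/index.php") == 0;
}

int main(void)
{
    printf("putenv aliases buffer: %d\n", putenv_aliases_buffer());
    printf("setenv copies value:   %d\n", setenv_copies_value());
    return 0;
}
```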