edink Fri Nov 22 10:47:44 2002 EDT Modified files: (Branch: PHP_4_3) /php4/sapi/cgi cgi_main.c Log: MFH: Avoid possible buffer overflow.
Index: php4/sapi/cgi/cgi_main.c
diff -u php4/sapi/cgi/cgi_main.c:1.190.2.4 php4/sapi/cgi/cgi_main.c:1.190.2.5
--- php4/sapi/cgi/cgi_main.c:1.190.2.4 Fri Nov 22 08:50:40 2002
+++ php4/sapi/cgi/cgi_main.c Fri Nov 22 10:47:44 2002
@@ -234,10 +234,11 @@
 }
 }
+#define SAPI_CGI_MAX_HEADER_LENGTH 1024
 static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC) {
- char buf[1024];
+ char buf[SAPI_CGI_MAX_HEADER_LENGTH];
 sapi_header_struct *h;
 zend_llist_position pos;
 long rfc2616_headers = 0;
@@ -255,7 +256,13 @@
 int len;
 if (rfc2616_headers) {
- len = sprintf(buf, "%s\r\n", SG(sapi_headers).http_status_line);
+ len = snprintf(buf, SAPI_CGI_MAX_HEADER_LENGTH,
+ "%s\r\n", +SG(sapi_headers).http_status_line);
+
+ if (len > SAPI_CGI_MAX_HEADER_LENGTH) {
+ len = SAPI_CGI_MAX_HEADER_LENGTH;
+ }
+
 } else {
 len = sprintf(buf, "Status: %d\r\n", SG(sapi_headers).http_response_code);
 }
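Review bot: The clamp after the new `snprintf` call in the `rfc2616_headers` branch is off by one. A C99 `snprintf` returns the length the full string would have had, so truncation is signalled by `len >= SAPI_CGI_MAX_HEADER_LENGTH`, and the buffer then holds at most `SAPI_CGI_MAX_HEADER_LENGTH - 1` characters plus the terminating NUL. As written, a return value equal to the limit is not caught and the clamped `len` counts the NUL, so a later write of `len` bytes (the code that consumes `len` is outside this hunk) would presumably emit a NUL byte and a status line that has lost its trailing `\r\n`. I would change the check to `if (len < 0 || len >= SAPI_CGI_MAX_HEADER_LENGTH) {` and either set `len = SAPI_CGI_MAX_HEADER_LENGTH - 1;` or reject the over-long status line outright, since some snprintf implementations return a negative value on truncation. Passing `sizeof(buf)` rather than the macro would also keep the bound tied to the array it protects.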