edink Fri Nov 22 10:47:44 2002 EDT
Modified files: (Branch: PHP_4_3)
/php4/sapi/cgi cgi_main.c
Log:
MFH: Avoid possible buffer overflow.
Index: php4/sapi/cgi/cgi_main.c
diff -u php4/sapi/cgi/cgi_main.c:1.190.2.4 php4/sapi/cgi/cgi_main.c:1.190.2.5
--- php4/sapi/cgi/cgi_main.c:1.190.2.4 Fri Nov 22 08:50:40 2002
+++ php4/sapi/cgi/cgi_main.c Fri Nov 22 10:47:44 2002
@@ -234,10 +234,11 @@
}
}
+#define SAPI_CGI_MAX_HEADER_LENGTH 1024
static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
{
- char buf[1024];
+ char buf[SAPI_CGI_MAX_HEADER_LENGTH];
sapi_header_struct *h;
zend_llist_position pos;
long rfc2616_headers = 0;
@@ -255,7 +256,13 @@
int len;
if (rfc2616_headers) {
- len = sprintf(buf, "%s\r\n",
SG(sapi_headers).http_status_line);
+ len = snprintf(buf, SAPI_CGI_MAX_HEADER_LENGTH,
+ "%s\r\n",
+SG(sapi_headers).http_status_line);
+
+ if (len > SAPI_CGI_MAX_HEADER_LENGTH) {
+ len = SAPI_CGI_MAX_HEADER_LENGTH;
+ }
+
} else {
len = sprintf(buf, "Status: %d\r\n",
SG(sapi_headers).http_response_code);
}
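Review bot: The truncation check after the new snprintf() in the rfc2616_headers branch uses `len > SAPI_CGI_MAX_HEADER_LENGTH`, so a return value equal to the buffer size (already truncated under C99 semantics) is not clamped, and the clamp itself sets len to the full buffer size, one more byte than snprintf() can have stored as text. If len is later used as the byte count to emit (the rest of sapi_cgi_send_headers is outside this hunk), the output would include the terminating NUL, and a truncated status line would also lose its trailing CRLF and run into the next header. I would clamp with `if (len < 0) { len = 0; } else if (len >= (int)sizeof(buf)) { len = (int)sizeof(buf) - 1; }`, and consider falling back to a default status line on truncation rather than sending a cut one. Return-value conventions differ between snprintf implementations (some return -1 or the truncated count), so the bound should be checked against the implementation this build resolves to.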