sesser Tue Feb 11 16:41:33 2003 EDT Modified files: /php4/main SAPI.c Log: 8 + 20 + 1 + 1 = 30 There was no Bufferoverflow on 64bit systems. And the "fix" broke the header code on systems with old style snprintf. Index: php4/main/SAPI.c diff -u php4/main/SAPI.c:1.169 php4/main/SAPI.c:1.170 --- php4/main/SAPI.c:1.169 Mon Feb 10 15:18:08 2003 +++ php4/main/SAPI.c Tue Feb 11 16:41:32 2003 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: SAPI.c,v 1.169 2003/02/10 20:18:08 moriyoshi Exp $ */ +/* $Id: SAPI.c,v 1.170 2003/02/11 21:41:32 sesser Exp $ */ #include <ctype.h> #include <sys/stat.h> @@ -619,18 +619,14 @@ 0, &result_len, -1 TSRMLS_CC); if(result_len==ptr_len) { char *lower_temp = estrdup(ptr); - char conv_temp[64]; + char conv_temp[32]; int conv_len; php_strtolower(lower_temp,strlen(lower_temp)); /* If there is no realm string at all, append one */ if(!strstr(lower_temp,"realm")) { efree(result); - conv_len = snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid); - /* some broken snprintf() impls may return a negative value on failure */ - if (conv_len < 0) { - conv_len = 0; - } + conv_len = +sprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid); result = emalloc(ptr_len+conv_len+1); result_len = ptr_len+conv_len; memcpy(result, ptr, ptr_len); @@ -653,7 +649,7 @@ #else { myuid = php_getuid(); - result = emalloc(32); + result = emalloc(sizeof("WWW-Authenticate: +")+20); newlen = sprintf(result, "WWW-Authenticate: %ld", myuid); newheader = estrndup(result,newlen); efree(header_line);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php