[PHP-CVS] cvs: php-src /ext/standard http_fopen_wrapper.c

[Ilia Alshanetsky]

iliaa           Tue Feb 24 16:52:41 2004 EDT

  Modified files:              
    /php-src/ext/standard       http_fopen_wrapper.c 
  Log:
  Fixed bug #27383 (Potential crash inside fopen_wrapper, while parsing
  response code).
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/http_fopen_wrapper.c?r1=1.81&r2=1.82&ty=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.81 
php-src/ext/standard/http_fopen_wrapper.c:1.82
--- php-src/ext/standard/http_fopen_wrapper.c:1.81      Thu Jan 29 19:24:17 2004
+++ php-src/ext/standard/http_fopen_wrapper.c   Tue Feb 24 16:52:40 2004
@@ -18,7 +18,7 @@
    |          Wez Furlong <[EMAIL PROTECTED]>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.81 2004/01/30 00:24:17 pollita Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.82 2004/02/24 21:52:40 iliaa Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -351,17 +351,22 @@
        }
 
 
-       if (!php_stream_eof(stream))    {
+       if (!php_stream_eof(stream)) {
+               size_t tmp_line_len;
                /* get response header */
 
-               if (php_stream_gets(stream, tmp_line, sizeof(tmp_line)-1) != NULL)     
 {
+               if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, 
&tmp_line_len) != NULL) {
                        zval *http_response;
                        int response_code;
 
                        MAKE_STD_ZVAL(http_response);
                        ZVAL_NULL(http_response);
 
-                       response_code = atoi(tmp_line + 9);
+                       if (tmp_line_len > 9) {
+                               response_code = atoi(tmp_line + 9);
+                       } else {
+                               response_code = 0;
+                       }
                        switch(response_code) {
                                case 200:
                                case 302:
@@ -373,11 +378,15 @@
                                                        tmp_line, response_code);
                                        break;
                                default:
+                                       /* safety net in the event tmp_line == NULL */
+                                       if (!tmp_line_len) {
+                                               tmp_line[0] = '\0';
+                                       }
                                        php_stream_notify_error(context, 
PHP_STREAM_NOTIFY_FAILURE,
                                                        tmp_line, response_code);
                        }
                        
-                       Z_STRLEN_P(http_response) = strlen(tmp_line);
+                       Z_STRLEN_P(http_response) = tmp_line_len;
                        Z_STRVAL_P(http_response) = estrndup(tmp_line, 
Z_STRLEN_P(http_response));
                        if 
(Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=='\n') {
                                
Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=0;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php