[PHP-CVS] cvs: php-src /sapi/cgi fastcgi.c

Thu, 15 Feb 2007 04:05:36 -0800 

dmitry          Thu Feb 15 12:05:25 2007 UTC

  Modified files:              
    /php-src/sapi/cgi   fastcgi.c 
  Log:
  Fixed Bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost)
  
  
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.28&r2=1.29&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.28 php-src/sapi/cgi/fastcgi.c:1.29
--- php-src/sapi/cgi/fastcgi.c:1.28     Mon Jan  1 09:29:36 2007
+++ php-src/sapi/cgi/fastcgi.c  Thu Feb 15 12:05:25 2007
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: fastcgi.c,v 1.28 2007/01/01 09:29:36 sebastian Exp $ */
+/* $Id: fastcgi.c,v 1.29 2007/02/15 12:05:25 dmitry Exp $ */
 
 #include "php.h"
 #include "fastcgi.h"
@@ -153,6 +153,8 @@
 
 #else
 
+static in_addr_t *allowed_clients = NULL;
+
 static void fcgi_signal_handler(int signo)
 {
        if (signo == SIGUSR1 || signo == SIGTERM) {
@@ -317,6 +319,38 @@
 
        if (!tcp) {
                chmod(path, 0777);
+       } else {
+           char *ip = getenv("FCGI_WEB_SERVER_ADDRS");
+           char *cur, *end;
+           int n;
+           
+           if (ip) {
+               ip = strdup(ip);
+               cur = ip;
+               n = 0;
+               while (*cur) {
+                       if (*cur == ',') n++;
+                       cur++;
+               }
+               allowed_clients = malloc(sizeof(in_addr_t) * (n+2));
+               n = 0;
+               cur = ip;
+               while (cur) {
+                       end = strchr(cur, ',');
+                       if (end) {
+                               *end = 0;
+                               end++;
+                       }
+                       allowed_clients[n] = inet_addr(cur);
+                       if (allowed_clients[n] == INADDR_NONE) {
+                                       fprintf(stderr, "Wrong IP address '%s' 
in FCGI_WEB_SERVER_ADDRS\n", cur);
+                       }
+                       n++;
+                       cur = end;
+               }
+               allowed_clients[n] = INADDR_NONE;
+                       free(ip);
+               }
        }
 
        if (!is_initialized) {
@@ -689,6 +723,24 @@
                                        FCGI_LOCK(req->listen_socket);
                                        req->fd = accept(req->listen_socket, 
(struct sockaddr *)&sa, &len);
                                        FCGI_UNLOCK(req->listen_socket);
+                                       if (req->fd >= 0 && allowed_clients) {
+                                               int n = 0;
+                                               int allowed = 0;
+
+                                       while (allowed_clients[n] != 
INADDR_NONE) {
+                                               if (allowed_clients[n] == 
sa.sa_inet.sin_addr.s_addr) {
+                                                       allowed = 1;
+                                                       break;
+                                               }
+                                               n++;
+                                       }
+                                               if (!allowed) {
+                                                       fprintf(stderr, 
"Connection from disallowed IP address '%s' is dropped.\n", 
inet_ntoa(sa.sa_inet.sin_addr));
+                                                       close(req->fd);
+                                                       req->fd = -1;
+                                                       continue;
+                                               }
+                                       }
                                }
 #endif
 

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to