[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /sapi/cgi cgi_main.c

Wed, 27 Feb 2008 16:37:10 -0800 

iliaa           Thu Feb 28 00:29:30 2008 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/sapi/cgi   cgi_main.c 
    /php-src    NEWS 
  Log:
  
  Fixed security issue detailed in CVE-2008-0599
  
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.54&r2=1.267.2.15.2.55&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 
php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.55
--- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 Mon Dec 31 07:20:16 2007
+++ php-src/sapi/cgi/cgi_main.c Thu Feb 28 00:29:29 2008
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: cgi_main.c,v 1.267.2.15.2.54 2007/12/31 07:20:16 sebastian Exp $ */
+/* $Id: cgi_main.c,v 1.267.2.15.2.55 2008/02/28 00:29:29 iliaa Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -1017,7 +1017,7 @@
                                                ) {
                                                        /* PATH_TRANSLATED = 
PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
                                                        int ptlen = strlen(pt) 
- strlen(env_script_name);
-                                                       int path_translated_len 
= ptlen + env_path_info ? strlen(env_path_info) : 0;
+                                                       int path_translated_len 
= ptlen + (env_path_info ? strlen(env_path_info) : 0);
                                                        char *path_translated = 
NULL;
 
                                                        path_translated = (char 
*) emalloc(path_translated_len + 1);
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1100&r2=1.2027.2.547.2.1101&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1100 php-src/NEWS:1.2027.2.547.2.1101
--- php-src/NEWS:1.2027.2.547.2.1100    Wed Feb 27 02:04:09 2008
+++ php-src/NEWS        Thu Feb 28 00:29:29 2008
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2008, PHP 5.2.6
+27 Feb 2008, PHP 5.2.6RC1
+- Fixed security issue detailed in CVE-2008-0599. (Rasmus)
 - Fixed potential memleak in stream filter parameter for zlib filter (Greg)
 - Added Reflection API metadata for the methods of the DOM classes. (Sebastian)
 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to