dmitry          Thu Apr  3 10:24:58 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/sapi/cgi   fastcgi.c 
  Log:
  - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin)
  - Fixed sending of uninitialized paddings which may contain some information.
    (Andrey Nigmatulin)
  
  
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.28.2.2&r2=1.4.2.13.2.28.2.3&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.2 php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.3
--- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.2        Fri Feb 15 14:45:42 2008
+++ php-src/sapi/cgi/fastcgi.c  Thu Apr  3 10:24:58 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.2 2008/02/15 14:45:42 dmitry Exp $ */
+/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.3 2008/04/03 10:24:58 dmitry Exp $ */
 
 #include "php.h"
 #include "fastcgi.h"
@@ -593,6 +593,9 @@
        hdr->reserved = 0;
        hdr->type = type;
        hdr->version = FCGI_VERSION_1;
+       if (pad) {
+               memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
+       }
        return pad;
 }
 
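Review bot: The added memset writes `pad` bytes starting at `hdr + sizeof(fcgi_header) + len`, but nothing visible in this hunk establishes that the buffer behind `hdr` is large enough for that. The write stays in bounds only if every caller places the header at the front of a buffer with at least `len + pad` writable bytes after it; a caller that passes a header with less space behind it would trade the information leak for an out-of-bounds write. The function's signature and its callers are outside the hunk, so this cannot be confirmed from here. I would state the contract at the top of the function, e.g. `/* hdr must be followed by at least len + pad writable bytes; the padding is zeroed here */`.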
@@ -777,7 +780,7 @@
 {
        int ret, n, rest;
        fcgi_header hdr;
-       unsigned char buf[8];
+       unsigned char buf[255];
 
        n = 0;
        rest = len;
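Review bot: `unsigned char buf[255]` sizes the buffer with a bare literal, and the hunk gives no hint why 255 is sufficient. Presumably it is the largest value of the one-byte padding length in the FastCGI record header; a comment such as `/* 255 = largest value of the 8-bit padding length */` would keep the declaration tied to that field. The read that fills `buf` is outside this hunk, so whether its length is bounded by `sizeof(buf)` cannot be checked from here. An explicit length check against `sizeof(buf)` at that read would make the bound hold even if the field's width or the buffer size changes later.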


