dmitry Thu Apr 3 10:24:58 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/sapi/cgi fastcgi.c Log: - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin) - Fixed sending of uninitialized paddings which may contain some information. (Andrey Nigmatulin) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.4.2.13.2.28.2.2&r2=1.4.2.13.2.28.2.3&diff_format=u
Index: php-src/sapi/cgi/fastcgi.c
diff -u php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.2 php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.3
--- php-src/sapi/cgi/fastcgi.c:1.4.2.13.2.28.2.2 Fri Feb 15 14:45:42 2008
+++ php-src/sapi/cgi/fastcgi.c Thu Apr 3 10:24:58 2008
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.2 2008/02/15 14:45:42 dmitry Exp $ */
+/* $Id: fastcgi.c,v 1.4.2.13.2.28.2.3 2008/04/03 10:24:58 dmitry Exp $ */
 #include "php.h"
 #include "fastcgi.h"
@@ -593,6 +593,9 @@
 hdr->reserved = 0;
 hdr->type = type;
 hdr->version = FCGI_VERSION_1;
+ if (pad) {
+ memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
+ }
 return pad;
 }
@@ -777,7 +780,7 @@
 {
 int ret, n, rest;
 fcgi_header hdr;
- unsigned char buf[8];
+ unsigned char buf[255];
 n = 0;
 rest = len;
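Review bot: The added memset in the `@@ -593` hunk writes `pad` zero bytes starting at `((unsigned char*)hdr) + sizeof(fcgi_header) + len`, which lies past the header object itself, and nothing in the visible lines establishes that the caller's buffer extends that far. The function begins outside the hunk, so how `pad` is derived and what each caller passes as `hdr` cannot be checked from here. If any call site hands in a standalone `fcgi_header` with a length that yields non-zero padding, the zeroing would land outside that object, so each call site is worth auditing. At minimum the precondition should be stated above the function, e.g. `/* hdr must point into a buffer with room for sizeof(fcgi_header) + len + pad bytes; the padding is zeroed here */`.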
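Review bot: The new size in `unsigned char buf[255];` (the `@@ -777` hunk) is a bare literal with no stated link to the value that bounds the reads into it. The function body continues outside the hunk, so the use of `buf` is not visible. Presumably it receives record padding whose length comes from the peer-supplied one-byte padding length field, which would explain why 8 was too small. I would add `/* large enough for the maximum padding length a one-byte header field can carry */` on the declaration. The read site should also be bounded by `sizeof(buf)`, so the buffer size and the accepted length cannot drift apart again.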