Commit: 9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11 Author: Ilia Alshanetsky <ili...@php.net> Tue, 20 Mar 2012 21:07:08 -0400 Parents: f3f76e5e8af265cd59d8edb7fb0827be6abc9a5a Branches: PHP-5.4
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11 Log: Fixed bug #61461 (missing checks around malloc() calls). Bugs: https://bugs.php.net/61461 Changed paths: M NEWS M sapi/cli/php_cli_server.c Diff: 9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11 diff --git a/NEWS b/NEWS index ae0d190..af4f4c9 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ PHP NEWS ?? ??? 2012, PHP 5.4.1 RC1 - CLI Server: + . Fixed bug #61461 (missing checks around malloc() calls). (Ilia) . Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence) . "Connection: close" instead of "Connection: closed" (Gustavo) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index 88f5d78..79ccea3 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -1281,6 +1281,10 @@ static void php_cli_server_request_translate_vpath(php_cli_server_request *reque size_t prev_patch_len; int is_static_file = 0; + if (!buf) { + return; + } + memmove(p, document_root, document_root_len); p += document_root_len; vpath = p; @@ -1536,6 +1540,9 @@ static int php_cli_server_client_read_request_on_body(php_http_parser *parser, c php_cli_server_client *client = parser->data; if (!client->request.content) { client->request.content = pemalloc(parser->content_length, 1); + if (!client->request.content) { + return -1; + } client->request.content_len = 0; } memmove(client->request.content + client->request.content_len, at, length); 
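Review bot: The new `if (!buf) { return; }` guard in php_cli_server_request_translate_vpath fails silently. The function is `void`, so a caller cannot tell an allocation failure from a normal return, and any request fields the rest of the body would have set keep their previous values. The allocation of `buf` and the tail of the function are outside this hunk, so confirm that every caller tolerates an untranslated request. At minimum, put a comment on the guard such as `/* allocation failed: request is left untranslated; callers must cope with unset path fields */`. Reporting the failure to the client would need a return code, which is a larger change than this hunk.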
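Review bot: The added NULL check in php_cli_server_client_read_request_on_body handles a failed allocation, but the `memmove` after it still copies `length` bytes at offset `content_len` without comparing against the `parser->content_length` the buffer was sized from. Both values come from the request. Unless the parser guarantees, outside this hunk, that body callbacks never deliver more than the declared length, add a guard before the copy, for example `if (length > (size_t)parser->content_length - client->request.content_len) { return -1; }`, with the cast checked against the field's declared type. The allocation size also comes from the declared length with no upper limit visible here, so a cap on accepted body size would bound memory use per connection. The function continues past the hunk.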
@@ -1606,6 +1613,9 @@ static int php_cli_server_client_read_request(php_cli_server_client *client, cha } if (client->current_header_name) { char *header_name = safe_pemalloc(client->current_header_name_len, 1, 1, 1); + if (!header_name) { + return -1; + } memmove(header_name, client->current_header_name, client->current_header_name_len); client->current_header_name = header_name; client->current_header_name_allocated = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
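Review bot: `header_name` is allocated one byte larger than `current_header_name_len` by the `safe_pemalloc(..., 1, 1, 1)` call, but the visible lines copy only `current_header_name_len` bytes and never write the extra byte, so the copy is not NUL-terminated here. If later code treats `client->current_header_name` as a C string instead of using the stored length, it would read an uninitialised byte. Adding `header_name[client->current_header_name_len] = '\0';` after the `memmove` closes that. The rest of php_cli_server_client_read_request is outside the hunk, so check whether termination happens elsewhere and whether returning `-1` here matches the function's other error paths.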