[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c

2011-01-19 Thread Dmitry Stogov
dmitry   Wed, 19 Jan 2011 08:38:25 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=307579

Log:
Added checks for malformed FastCGI requests (Edgar Frank)

Changed paths:
U   php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
U   php/php-src/trunk/sapi/cgi/fastcgi.c

Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
===
--- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2011-01-19 07:27:40 UTC 
(rev 307578)
+++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2011-01-19 08:38:25 UTC 
(rev 307579)
@@ -605,28 +605,39 @@
 {
char buf[128];
char *tmp = buf;
-   int buf_size = sizeof(buf);
-   int name_len, val_len;
+   size_t buf_size = sizeof(buf);
+   unsigned int name_len, val_len;
char *s;
int ret = 1;

while (p  end) {
name_len = *p++;
if (name_len = 128) {
+   if (p + 3 = end) {
+   ret = 0;
+   break;
+   }
name_len = ((name_len  0x7f)  24);
name_len |= (*p++  16);
name_len |= (*p++  8);
name_len |= *p++;
}
+   if (p = end) {
+   ret = 0;
+   break;
+   }
val_len = *p++;
if (val_len = 128) {
+   if (p + 3 = end) {
+   ret = 0;
+   break;
+   }
val_len = ((val_len  0x7f)  24);
val_len |= (*p++  16);
val_len |= (*p++  8);
val_len |= *p++;
}
-   if (name_len + val_len  0 ||
-   name_len + val_len  end - p) {
+   if (name_len + val_len  end - p) {
/* Malformated request */
ret = 0;
break;
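Review bot: The two added guards written as `if (p + 3 … end)` compute `p + 3` before it is known that three bytes remain, and when fewer are left that pointer lies past one-past-the-end of the buffer, which is undefined behaviour in C and gives the compiler licence to weaken the check. Testing the remaining length keeps the arithmetic inside the buffer, for example `if ((size_t)(end - p) <= 3) { ret = 0; break; }`. The comparison operators were stripped from this archived copy, so match the bound to the committed one. The same pattern appears in the trunk hunk as `UNEXPECTED(p + 3 … end)`. The function's signature and the rest of the loop body lie outside this hunk.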

Modified: php/php-src/trunk/sapi/cgi/fastcgi.c
===
--- php/php-src/trunk/sapi/cgi/fastcgi.c2011-01-19 07:27:40 UTC (rev 
307578)
+++ php/php-src/trunk/sapi/cgi/fastcgi.c2011-01-19 08:38:25 UTC (rev 
307579)
@@ -842,33 +842,33 @@
 static int fcgi_get_params(fcgi_request *req, unsigned char *p, unsigned char 
*end)
 {
unsigned int name_len, val_len;
-   int ret = 1;

while (p  end) {
name_len = *p++;
if (UNEXPECTED(name_len = 128)) {
+   if (UNEXPECTED(p + 3 = end)) return 0;
name_len = ((name_len  0x7f)  24);
name_len |= (*p++  16);
name_len |= (*p++  8);
name_len |= *p++;
}
+   if (UNEXPECTED(p = end)) return 0;
val_len = *p++;
if (UNEXPECTED(val_len = 128)) {
+   if (UNEXPECTED(p + 3 = end)) return 0;
val_len = ((val_len  0x7f)  24);
val_len |= (*p++  16);
val_len |= (*p++  8);
val_len |= *p++;
}
-   if (UNEXPECTED(name_len + val_len  0) ||
-   UNEXPECTED(name_len + val_len  (unsigned int) (end - p))) {
+   if (UNEXPECTED(name_len + val_len  (unsigned int) (end - p))) {
/* Malformated request */
-   ret = 0;
-   break;
+   return 0;
}
fcgi_hash_set(req-env, FCGI_HASH_FUNC(p, name_len), (char*)p, 
name_len, (char*)p + name_len, val_len);
p += name_len + val_len;
}
-   return ret;
+   return 1;
 }

 static int fcgi_read_request(fcgi_request *req)
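Review bot: Dropping the sign test on `name_len + val_len` appears safe only because each length is masked with `0x7f` before the 24-bit shift, so both stay at or below 0x7fffffff and the unsigned sum cannot wrap when `unsigned int` is 32 bits wide; nothing near the remaining bounds check records that. I would add a comment above it such as `/* each length is at most 0x7fffffff, so the unsigned sum cannot wrap */`. A short header comment on `fcgi_get_params` should also state the contract now that it returns early: 0 for a malformed parameter block, 1 otherwise, with any pairs already passed to `fcgi_hash_set` left in the request's env for the caller to discard.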


Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c

2009-12-25 Thread Ilia Alshanetsky
Could you please MFB to 5.2

Thanks.

On 09-12-23 4:40 AM, Antony Dovgal wrote:
 tony2001 Wed, 23 Dec 2009 09:40:28 +

 Revision: http://svn.php.net/viewvc?view=revisionrevision=292519

 Log:
 fix minor leak in CGI sapi (happened once per child)

 Changed paths:
 U   php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
 U   php/php-src/trunk/sapi/cgi/fastcgi.c

 Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
 ===
 --- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c   2009-12-23 09:37:28 UTC 
 (rev 292518)
 +++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c   2009-12-23 09:40:28 UTC 
 (rev 292519)
 @@ -255,6 +255,9 @@
   zend_hash_destroy(fcgi_mgmt_vars);
   }
   is_fastcgi = 0;
 + if (allowed_clients) {
 + free(allowed_clients);
 + }
  }

  #ifdef _WIN32

 Modified: php/php-src/trunk/sapi/cgi/fastcgi.c
 ===
 --- php/php-src/trunk/sapi/cgi/fastcgi.c  2009-12-23 09:37:28 UTC (rev 
 292518)
 +++ php/php-src/trunk/sapi/cgi/fastcgi.c  2009-12-23 09:40:28 UTC (rev 
 292519)
 @@ -186,6 +186,9 @@
   zend_hash_destroy(fcgi_mgmt_vars);
   }
   is_fastcgi = 0;
 + if (allowed_clients) {
 + free(allowed_clients);
 + }
  }

  int fcgi_init(void)

   




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c

2009-12-24 Thread Antony Dovgal
On 24.12.2009 00:15, Jani Taskinen wrote:
 Everybody seems to commit only in whatever branch they are working now?
 AFAICT, this patch is necessary also in PHP_5_2, why didn't you commit there?

It's a minor thing and I want it to be okayed by Ilia first.

-- 
Wbr, 
Antony Dovgal
---
http://pinba.org - realtime statistics for PHP




[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c

2009-12-23 Thread Antony Dovgal
tony2001 Wed, 23 Dec 2009 09:40:28 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=292519

Log:
fix minor leak in CGI sapi (happened once per child)

Changed paths:
U   php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
U   php/php-src/trunk/sapi/cgi/fastcgi.c

Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
===
--- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC 
(rev 292518)
+++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC 
(rev 292519)
@@ -255,6 +255,9 @@
zend_hash_destroy(fcgi_mgmt_vars);
}
is_fastcgi = 0;
+   if (allowed_clients) {
+   free(allowed_clients);
+   }
 }

 #ifdef _WIN32
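Review bot: After `free(allowed_clients);` the pointer keeps its old value, so a second pass through this shutdown path, or a later init that tests `allowed_clients`, would see a dangling pointer and could free it twice; adding `allowed_clients = NULL;` right after the free closes that. The `if (allowed_clients)` guard is unnecessary, since `free(NULL)` is a no-op. The trunk hunk at `@@ -186,6 +186,9 @@` adds the same three lines and needs the same change. The enclosing function starts outside the hunk, so whether it can run more than once per process is not visible here.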

Modified: php/php-src/trunk/sapi/cgi/fastcgi.c
===
--- php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:37:28 UTC (rev 
292518)
+++ php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:40:28 UTC (rev 
292519)
@@ -186,6 +186,9 @@
zend_hash_destroy(fcgi_mgmt_vars);
}
is_fastcgi = 0;
+   if (allowed_clients) {
+   free(allowed_clients);
+   }
 }

 int fcgi_init(void)


Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c

2009-12-23 Thread Jani Taskinen

Everybody seems to commit only in whatever branch they are working now?
AFAICT, this patch is necessary also in PHP_5_2, why didn't you commit there?

--Jani


23.12.2009 11:40, Antony Dovgal wrote:

tony2001 Wed, 23 Dec 2009 09:40:28 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=292519

Log:
fix minor leak in CGI sapi (happened once per child)

Changed paths:
 U   php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
 U   php/php-src/trunk/sapi/cgi/fastcgi.c

Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c
===
--- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC 
(rev 292518)
+++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC 
(rev 292519)
@@ -255,6 +255,9 @@
zend_hash_destroy(fcgi_mgmt_vars);
}
is_fastcgi = 0;
+   if (allowed_clients) {
+   free(allowed_clients);
+   }
  }

  #ifdef _WIN32

Modified: php/php-src/trunk/sapi/cgi/fastcgi.c
===
--- php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:37:28 UTC (rev 
292518)
+++ php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:40:28 UTC (rev 
292519)
@@ -186,6 +186,9 @@
zend_hash_destroy(fcgi_mgmt_vars);
}
is_fastcgi = 0;
+   if (allowed_clients) {
+   free(allowed_clients);
+   }
  }

  int fcgi_init(void)




