[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c
dmitry Wed, 19 Jan 2011 08:38:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307579 Log: Added checks for malformated FastCGI requests (Edgar Frank) Changed paths: U php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c U php/php-src/trunk/sapi/cgi/fastcgi.c Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c === --- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2011-01-19 07:27:40 UTC (rev 307578) +++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2011-01-19 08:38:25 UTC (rev 307579) @@ -605,28 +605,39 @@ { char buf[128]; char *tmp = buf; - int buf_size = sizeof(buf); - int name_len, val_len; + size_t buf_size = sizeof(buf); + unsigned int name_len, val_len; char *s; int ret = 1; while (p end) { name_len = *p++; if (name_len = 128) { + if (p + 3 = end) { + ret = 0; + break; + } name_len = ((name_len 0x7f) 24); name_len |= (*p++ 16); name_len |= (*p++ 8); name_len |= *p++; } + if (p = end) { + ret = 0; + break; + } val_len = *p++; if (val_len = 128) { + if (p + 3 = end) { + ret = 0; + break; + } val_len = ((val_len 0x7f) 24); val_len |= (*p++ 16); val_len |= (*p++ 8); val_len |= *p++; } - if (name_len + val_len 0 || - name_len + val_len end - p) { + if (name_len + val_len end - p) { /* Malformated request */ ret = 0; break; Modified: php/php-src/trunk/sapi/cgi/fastcgi.c === --- php/php-src/trunk/sapi/cgi/fastcgi.c2011-01-19 07:27:40 UTC (rev 307578) +++ php/php-src/trunk/sapi/cgi/fastcgi.c2011-01-19 08:38:25 UTC (rev 307579) @@ -842,33 +842,33 @@ static int fcgi_get_params(fcgi_request *req, unsigned char *p, unsigned char *end) { unsigned int name_len, val_len; - int ret = 1; while (p end) { name_len = *p++; if (UNEXPECTED(name_len = 128)) { + if (UNEXPECTED(p + 3 = end)) return 0; name_len = ((name_len 0x7f) 24); name_len |= (*p++ 16); name_len |= (*p++ 8); name_len |= *p++; } + if (UNEXPECTED(p = end)) return 0; val_len = *p++; if (UNEXPECTED(val_len = 128)) { + if (UNEXPECTED(p + 3 = end)) return 0; val_len = ((val_len 0x7f) 24); val_len |= (*p++ 16); val_len |= (*p++ 8); val_len |= *p++; } - if (UNEXPECTED(name_len + val_len 0) || - UNEXPECTED(name_len + val_len (unsigned int) (end - p))) { + if (UNEXPECTED(name_len + val_len (unsigned int) (end - p))) { /* Malformated request */ - ret = 0; - break; + return 0; } fcgi_hash_set(req-env, FCGI_HASH_FUNC(p, name_len), (char*)p, name_len, (char*)p + name_len, val_len); p += name_len + val_len; } - return ret; + return 1; } static int fcgi_read_request(fcgi_request *req) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c
Could you please MFB to 5.2 Thanks. On 09-12-23 4:40 AM, Antony Dovgal wrote: tony2001 Wed, 23 Dec 2009 09:40:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=292519 Log: fix minor leak in CGI sapi (happened once per child) Changed paths: U php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c U php/php-src/trunk/sapi/cgi/fastcgi.c Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c === --- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC (rev 292519) @@ -255,6 +255,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } #ifdef _WIN32 Modified: php/php-src/trunk/sapi/cgi/fastcgi.c === --- php/php-src/trunk/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/trunk/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC (rev 292519) @@ -186,6 +186,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } int fcgi_init(void) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c
On 24.12.2009 00:15, Jani Taskinen wrote: Everybody seems to commit only in whatever branch they are working now? AFAICT, this patch is necessary also in PHP_5_2, why didn't you commit there? It's a minor thing and I want it to be okayed by Ilia first. -- Wbr, Antony Dovgal --- http://pinba.org - realtime statistics for PHP -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c
tony2001 Wed, 23 Dec 2009 09:40:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=292519 Log: fix minor leak in CGI sapi (happened once per child) Changed paths: U php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c U php/php-src/trunk/sapi/cgi/fastcgi.c Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c === --- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC (rev 292519) @@ -255,6 +255,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } #ifdef _WIN32 Modified: php/php-src/trunk/sapi/cgi/fastcgi.c === --- php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:40:28 UTC (rev 292519) @@ -186,6 +186,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } int fcgi_init(void) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/sapi/cgi/fastcgi.c trunk/sapi/cgi/fastcgi.c
Everybody seems to commit only in whatever branch they are working now? AFAICT, this patch is necessary also in PHP_5_2, why didn't you commit there? --Jani 23.12.2009 11:40, Antony Dovgal wrote: tony2001 Wed, 23 Dec 2009 09:40:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=292519 Log: fix minor leak in CGI sapi (happened once per child) Changed paths: U php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c U php/php-src/trunk/sapi/cgi/fastcgi.c Modified: php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c === --- php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/branches/PHP_5_3/sapi/cgi/fastcgi.c 2009-12-23 09:40:28 UTC (rev 292519) @@ -255,6 +255,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } #ifdef _WIN32 Modified: php/php-src/trunk/sapi/cgi/fastcgi.c === --- php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:37:28 UTC (rev 292518) +++ php/php-src/trunk/sapi/cgi/fastcgi.c2009-12-23 09:40:28 UTC (rev 292519) @@ -186,6 +186,9 @@ zend_hash_destroy(fcgi_mgmt_vars); } is_fastcgi = 0; + if (allowed_clients) { + free(allowed_clients); + } } int fcgi_init(void) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php