archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 23:18:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed bug #60206 (possible integer overflow in content_length)

Browse source
This commit is contained in:
Xinchen Hui 2011-11-03 07:26:09 +00:00
parent 6c01aacc0d
commit a391535e00
7 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -137,6 +137,9 @@ PHP NEWS
- FTP:
. Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus)
- SAPI:
. Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
23 Aug 2011, PHP 5.3.8

2
sapi/apache/mod_php5.c
View file

@ -533,7 +533,7 @@ static void init_request_info(TSRMLS_D)
SG(request_info).request_uri = r->uri;
SG(request_info).request_method = (char *)r->method;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
SG(request_info).proto_num = r->proto_num;

2
sapi/apache2filter/sapi_apache2.c
View file

@ -420,7 +420,7 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC)
efree(content_type);
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(f->r->headers_out, "Content-Length");
apr_table_unset(f->r->headers_out, "Last-Modified");

2
sapi/apache2handler/sapi_apache2.c
View file

@ -484,7 +484,7 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC)
r->no_local_copy = 1;
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(r->headers_out, "Content-Length");
apr_table_unset(r->headers_out, "Last-Modified");

2
sapi/apache_hooks/mod_php5.c
View file

@ -587,7 +587,7 @@ static void init_request_info(TSRMLS_D)
SG(request_info).request_method = (char *)r->method;
SG(request_info).proto_num = r->proto_num;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
if (r->headers_in) {

2
sapi/cgi/cgi_main.c
View file

@ -1353,7 +1353,7 @@ static void init_request_info(TSRMLS_D)
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION")-1 TSRMLS_CC);

2
sapi/fpm/fpm/fpm_main.c
View file

@ -1332,7 +1332,7 @@ static void init_request_info(TSRMLS_D)
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC);