mirror of
https://github.com/php/php-src.git
synced 2025-08-20 09:24:05 +02:00
Fixed Bug #63581 Possible buffer overflow
In fpm-log, possible buffer overflow. Check for length is done at the beginning of the loop, so is not done when overflow occurs on the last loop (len = 1024 or 1025). (ack from fat). This issue where found from by static code analysis tool and, so, I can't provide any reproducer.
This commit is contained in:
parent
f08060a48f
commit
bc492007da
2 changed files with 7 additions and 3 deletions
3
NEWS
3
NEWS
|
@ -21,6 +21,9 @@ PHP NEWS
|
|||
. Fixed bug #63590 (Different results in TS and NTS under Windows).
|
||||
(Anatoliy)
|
||||
|
||||
- FPM:
|
||||
. Fixed bug #63581 Possible null dereference and buffer overflow (Remi)
|
||||
|
||||
- Imap:
|
||||
. Fixed Bug #63126 DISABLE_AUTHENTICATOR ignores array (Remi)
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ int fpm_log_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
|
|||
int fpm_log_write(char *log_format TSRMLS_DC) /* {{{ */
|
||||
{
|
||||
char *s, *b;
|
||||
char buffer[FPM_LOG_BUFFER];
|
||||
char buffer[FPM_LOG_BUFFER+1];
|
||||
int token, test;
|
||||
size_t len, len2;
|
||||
struct fpm_scoreboard_proc_s proc, *proc_p;
|
||||
|
@ -146,9 +146,10 @@ int fpm_log_write(char *log_format TSRMLS_DC) /* {{{ */
|
|||
s = log_format;
|
||||
|
||||
while (*s != '\0') {
|
||||
if (len > FPM_LOG_BUFFER) {
|
||||
/* Test is we have place for 1 more char. */
|
||||
if (len >= FPM_LOG_BUFFER) {
|
||||
zlog(ZLOG_NOTICE, "the log buffer is full (%d). The access log request has been truncated.", FPM_LOG_BUFFER);
|
||||
len = FPM_LOG_BUFFER - 1;
|
||||
len = FPM_LOG_BUFFER;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue