archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Security: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log message tunings.

Browse source
This commit is contained in:
George Wang 2020-07-23 15:35:32 -04:00
parent c68d48de9e
commit c39f5fe94e
3 changed files with 234 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
sapi/litespeed/lsapi_main.c
View file

@ -72,7 +72,7 @@
#include "lscriu.c"
#endif
#define SAPI_LSAPI_MAX_HEADER_LENGTH 2048
#define SAPI_LSAPI_MAX_HEADER_LENGTH LSAPI_RESP_HTTP_HEADER_MAX
/* Key for each cache entry is dirname(PATH_TRANSLATED).
*
@ -621,7 +621,7 @@ static int sapi_lsapi_activate()
static sapi_module_struct lsapi_sapi_module =
{
"litespeed",
"LiteSpeed V7.6",
"LiteSpeed V7.7",
php_lsapi_startup, /* startup */
php_module_shutdown_wrapper, /* shutdown */
@ -1768,7 +1768,7 @@ PHP_FUNCTION(litespeed_response_headers)
if ( h->header_len > 0 ) {
p = strchr( h->header, ':' );
len = p - h->header;
if (( p )&&( len > 0 )) {
if (p && len > 0 && len < LSAPI_RESP_HTTP_HEADER_MAX) {
memmove( headerBuf, h->header, len );
while( len > 0 && (isspace( headerBuf[len-1])) ) {
--len;