mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Handle NULL strings in sapi_cli_server_register_variable().
Fixes bug #68745 (Invalid HTTP requests make web server segfault).
This commit is contained in:
parent
0cc2810498
commit
448ef30f75
3
NEWS
3
NEWS
@ -23,6 +23,9 @@ PHP NEWS
|
||||
- CGI:
|
||||
. Fix bug #68618 (out of bounds read crashes php-cgi). (Stas)
|
||||
|
||||
- CLI server:
|
||||
. Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
|
||||
|
||||
- cURL:
|
||||
. Fixed bug #67643 (curl_multi_getcontent returns '' when
|
||||
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
|
||||
|
@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char
|
||||
{
|
||||
char *new_val = (char *)val;
|
||||
uint new_val_len;
|
||||
|
||||
if (NULL == val) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) {
|
||||
php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC);
|
||||
}
|
||||
|
34
sapi/cli/tests/bug68745.phpt
Normal file
34
sapi/cli/tests/bug68745.phpt
Normal file
@ -0,0 +1,34 @@
|
||||
--TEST--
|
||||
Bug #68745 (Invalid HTTP requests make web server segfault)
|
||||
--SKIPIF--
|
||||
<?php
|
||||
include "skipif.inc";
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
include "php_cli_server.inc";
|
||||
php_cli_server_start('var_dump(count($_SERVER));', 'not-index.php');
|
||||
|
||||
list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
|
||||
$port = intval($port)?:80;
|
||||
|
||||
$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
|
||||
if (!$fp) {
|
||||
die("connect failed");
|
||||
}
|
||||
|
||||
if(fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n")) {
|
||||
while (!feof($fp)) {
|
||||
echo fgets($fp);
|
||||
}
|
||||
}
|
||||
|
||||
fclose($fp);
|
||||
?>
|
||||
--EXPECTF--
|
||||
HTTP/1.1 200 OK
|
||||
Connection: close
|
||||
X-Powered-By: %s
|
||||
Content-type: text/html
|
||||
|
||||
int(%d)
|
Loading…
Reference in New Issue
Block a user