mirror of
https://github.com/php/php-src.git
synced 2024-09-27 04:47:22 +00:00
Fixed bug #60206 (possible integer overflow in content_length)
This commit is contained in:
parent
64978cb2d9
commit
d7d0d0724c
@ -529,7 +529,7 @@ static void init_request_info(TSRMLS_D)
|
||||
SG(request_info).request_uri = r->uri;
|
||||
SG(request_info).request_method = (char *)r->method;
|
||||
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
SG(sapi_headers).http_response_code = r->status;
|
||||
SG(request_info).proto_num = r->proto_num;
|
||||
|
||||
|
@ -419,7 +419,7 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC)
|
||||
efree(content_type);
|
||||
|
||||
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
|
||||
apr_table_unset(f->r->headers_out, "Content-Length");
|
||||
apr_table_unset(f->r->headers_out, "Last-Modified");
|
||||
|
@ -483,7 +483,7 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC)
|
||||
r->no_local_copy = 1;
|
||||
|
||||
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
|
||||
apr_table_unset(r->headers_out, "Content-Length");
|
||||
apr_table_unset(r->headers_out, "Last-Modified");
|
||||
|
@ -582,7 +582,7 @@ static void init_request_info(TSRMLS_D)
|
||||
SG(request_info).request_method = (char *)r->method;
|
||||
SG(request_info).proto_num = r->proto_num;
|
||||
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
SG(sapi_headers).http_response_code = r->status;
|
||||
|
||||
if (r->headers_in) {
|
||||
|
@ -1412,7 +1412,7 @@ static void init_request_info(fcgi_request *request TSRMLS_DC)
|
||||
/* FIXME - Work out proto_num here */
|
||||
SG(request_info).query_string = CGI_GETENV("QUERY_STRING");
|
||||
SG(request_info).content_type = (content_type ? content_type : "" );
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
|
||||
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
|
||||
auth = CGI_GETENV("HTTP_AUTHORIZATION");
|
||||
|
@ -1325,7 +1325,7 @@ static void init_request_info(TSRMLS_D)
|
||||
/* FIXME - Work out proto_num here */
|
||||
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC);
|
||||
SG(request_info).content_type = (content_type ? content_type : "" );
|
||||
SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
|
||||
SG(request_info).content_length = (content_length ? atol(content_length) : 0);
|
||||
|
||||
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
|
||||
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC);
|
||||
|
Loading…
Reference in New Issue
Block a user