Proper fix for bug #37205

author: Dmitry Stogov <dmitry@php.net> 2006-04-27 11:39:32 +0000
committer: Dmitry Stogov <dmitry@php.net> 2006-04-27 11:39:32 +0000
commit: ff452441e20445a3f829d8b5c6aaddfca84e2073 (patch)
tree: f41d9aadd00aa005c90202cae9711b1e36652b8d /sapi/cgi/fastcgi.c
parent: 522ce80071e992132f549bd5dd41de43f50ccc55 (diff)
download: php-git-ff452441e20445a3f829d8b5c6aaddfca84e2073.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index 152c8c1629..571cdab772 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -441,6 +441,7 @@ static int fcgi_read_request(fcgi_request *req)
 	unsigned char buf[FCGI_MAX_LENGTH+8];
 
 	req->keep = 0;
+	req->has_in = 0;
 	req->in_len = 0;
 	req->out_hdr = NULL;
 	req->out_pos = req->out_buf;
@@ -509,6 +510,15 @@ static int fcgi_read_request(fcgi_request *req)
 			len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
 			padding = hdr.paddingLength;
 		}
+		if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
+		    hdr.version < FCGI_VERSION_1 ||
+		    hdr.type != FCGI_STDIN) {
+			req->keep = 0;
+			return 0;
+		}
+		req->in_len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
+		req->in_pad = hdr.paddingLength;
+		req->has_in = (req->in_len != 0);
 	} else if (hdr.type == FCGI_GET_VALUES) {
 		int i, j;
 		int name_len;
@@ -551,6 +561,9 @@ int fcgi_read(fcgi_request *req, char *str, int len)
 	fcgi_header hdr;
 	unsigned char buf[8];
 
+	if (!req->has_in) {
+		return 0;
+	}
 	n = 0;
 	rest = len;
 	while (rest > 0) {
author	Dmitry Stogov <dmitry@php.net>	2006-04-27 11:39:32 +0000
committer	Dmitry Stogov <dmitry@php.net>	2006-04-27 11:39:32 +0000
commit	ff452441e20445a3f829d8b5c6aaddfca84e2073 (patch)
tree	f41d9aadd00aa005c90202cae9711b1e36652b8d /sapi/cgi/fastcgi.c
parent	522ce80071e992132f549bd5dd41de43f50ccc55 (diff)
download	php-git-ff452441e20445a3f829d8b5c6aaddfca84e2073.tar.gz