author | Ilia Alshanetsky <iliaa@php.net> | 2007-05-20 15:56:10 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2007-05-20 15:56:10 +0000 |
commit | 30dd6a45d31cab020dad553bb7b6d4c499b01441 (patch) | |
tree | 0fa2b9e53786ad1ca58b6da33cbd8c05001df7d3 /sapi | |
parent | b65cdd079315b5d28e2df00699915aa703394692 (diff) | |
download | php-git-30dd6a45d31cab020dad553bb7b6d4c499b01441.tar.gz |
Fixed a possible crash when PATH_INFO is not provided but the path contains
path info information
Diffstat (limited to 'sapi')
-rw-r--r-- | sapi/cgi/cgi_main.c | 16 | ||||
-rw-r--r-- | sapi/cgi/tests/009.phpt | 28 |
2 files changed, 38 insertions, 6 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index b59a3994aa..4f28378e6a 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -825,8 +825,8 @@ static void init_request_info(TSRMLS_D) * out what SCRIPT_NAME should be */ int slen = len - strlen(pt); - int pilen = strlen(env_path_info); - char *path_info = env_path_info + pilen - slen; + int pilen = env_path_info ? strlen(env_path_info) : 0; + char *path_info = env_path_info ? env_path_info + pilen - slen : NULL; if (orig_path_info != path_info) { if (orig_path_info) { @@ -866,10 +866,12 @@ static void init_request_info(TSRMLS_D) env_script_name = pt + l; /* PATH_TRANSATED = DOCUMENT_ROOT + PATH_INFO */ - path_translated_len = l + strlen(env_path_info); + path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0); path_translated = (char *) emalloc(path_translated_len + 1); memcpy(path_translated, env_document_root, l); - memcpy(path_translated + l, env_path_info, (path_translated_len - l)); + if (env_path_info) { + memcpy(path_translated + l, env_path_info, (path_translated_len - l)); + } path_translated[path_translated_len] = '\0'; if (orig_path_translated) { _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); 
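Review bot: In the first hunk the new `path_info` initialiser guards only the NULL case; when `env_path_info` is set, nothing checks that `slen` is no larger than `pilen`, so `env_path_info + pilen - slen` can point before the start of the string. A bound such as `char *path_info = (env_path_info && slen >= 0 && slen <= pilen) ? env_path_info + pilen - slen : NULL;` keeps the pointer inside the buffer. init_request_info starts and ends outside this hunk, and `len`, `pt` and the later uses of `path_info` are not visible here, so the reachable range of `slen` and the impact should be confirmed against the full function.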
@@ -881,12 +883,14 @@ static void init_request_info(TSRMLS_D) ) { /* PATH_TRANSATED = PATH_TRANSATED - SCRIPT_NAME + PATH_INFO */ int ptlen = strlen(pt) - strlen(env_script_name); - int path_translated_len = ptlen + strlen(env_path_info); + int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0; char *path_translated = NULL; path_translated = (char *) emalloc(path_translated_len + 1); memcpy(path_translated, pt, ptlen); - memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen); + if (env_path_info) { + memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen); + } path_translated[path_translated_len] = '\0'; if (orig_path_translated) { _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); diff --git a/sapi/cgi/tests/009.phpt b/sapi/cgi/tests/009.phpt new file mode 100644 index 0000000000..c92fc87a83 --- /dev/null +++ b/sapi/cgi/tests/009.phpt @@ -0,0 +1,28 @@ +--TEST-- +path info request without exported PATH_INFO +--SKIPIF-- +<?php include "skipif.inc"; ?> +--FILE-- +<?php + +include "include.inc"; + +$php = get_cgi_path(); +reset_env_vars(); + +$f = tempnam(sys_get_temp_dir(), 'cgitest'); + +putenv("TRANSLATED_PATH=".$f."/x"); +putenv("SCRIPT_FILENAME=".$f."/x"); +file_put_contents($f, '<?php var_dump($_SERVER["TRANSLATED_PATH"]); '); + +echo (`$php $f`); + +echo "Done\n"; +?> +--EXPECTF-- +X-Powered-By: PHP/%s +Content-type: text/html + +string(%d) "%s/x" +Done |
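Review bot: The added initialiser `int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;` parses as `(ptlen + env_path_info) ? strlen(env_path_info) : 0`, because `+` binds tighter than `?:`. `ptlen` is therefore dropped from the length, and with a NULL `env_path_info` and non-zero `ptlen` the condition is in practice still true, so `strlen(NULL)` is still called, which is the crash this commit sets out to fix. With the shorter length, the `emalloc(path_translated_len + 1)` buffer can be smaller than the `memcpy(path_translated, pt, ptlen)` that follows, and `path_translated_len - ptlen` can be negative when it is passed as the size of the second `memcpy`. Parenthesise it as the previous hunk does: `int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);`.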
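Review bot: The new test in sapi/cgi/tests/009.phpt never removes the file created by `tempnam()`, so every run leaves a `cgitest*` file in the temp directory; add `unlink($f);` before `echo "Done\n";`. It also sets and dumps `TRANSLATED_PATH`, which only echoes the environment variable back, so it shows that the binary did not crash but asserts nothing about the `PATH_TRANSLATED` value computed in cgi_main.c. If `PATH_TRANSLATED` is the variable intended, an expectation on `$_SERVER["PATH_TRANSLATED"]` would also catch a wrong length calculation rather than only a crash.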