diff options
| author | Xinchen Hui <laruence@php.net> | 2011-11-03 07:26:09 +0000 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2011-11-03 07:26:09 +0000 |
| commit | a391535e00eccc508d3d10d529f0b803a0425e8c (patch) | |
| tree | a4e96f88a40ca9abe4169c2ae02c01d021e56741 | |
| parent | 6c01aacc0d971fc35536268fb0f7b810900fa4c6 (diff) | |
| download | php-git-a391535e00eccc508d3d10d529f0b803a0425e8c.tar.gz | |
Fixed bug #60206 (possible integer overflow in content_length)
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | sapi/apache/mod_php5.c | 2 | ||||
| -rw-r--r-- | sapi/apache2filter/sapi_apache2.c | 2 | ||||
| -rw-r--r-- | sapi/apache2handler/sapi_apache2.c | 2 | ||||
| -rw-r--r-- | sapi/apache_hooks/mod_php5.c | 2 | ||||
| -rw-r--r-- | sapi/cgi/cgi_main.c | 2 | ||||
| -rw-r--r-- | sapi/fpm/fpm/fpm_main.c | 2 |
7 files changed, 9 insertions, 6 deletions
@@ -137,6 +137,9 @@ PHP NEWS - FTP: . Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus) +- SAPI: + . Fixed bug #60205 (possible integer overflow in content_length). (Laruence) + 23 Aug 2011, PHP 5.3.8 diff --git a/sapi/apache/mod_php5.c b/sapi/apache/mod_php5.c index 3ee213ba4a..0d9bd5cf24 100644 --- a/sapi/apache/mod_php5.c +++ b/sapi/apache/mod_php5.c @@ -533,7 +533,7 @@ static void init_request_info(TSRMLS_D) SG(request_info).request_uri = r->uri; SG(request_info).request_method = (char *)r->method; SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); SG(sapi_headers).http_response_code = r->status; SG(request_info).proto_num = r->proto_num; diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c index 7150ec0493..fe75312fb3 100644 --- a/sapi/apache2filter/sapi_apache2.c +++ b/sapi/apache2filter/sapi_apache2.c @@ -420,7 +420,7 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC) efree(content_type); content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); apr_table_unset(f->r->headers_out, "Content-Length"); apr_table_unset(f->r->headers_out, "Last-Modified"); diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 9d73174671..a7cd879278 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -484,7 +484,7 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC) r->no_local_copy = 1; content_length = (char *) apr_table_get(r->headers_in, "Content-Length"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); apr_table_unset(r->headers_out, "Content-Length"); apr_table_unset(r->headers_out, "Last-Modified"); diff --git a/sapi/apache_hooks/mod_php5.c b/sapi/apache_hooks/mod_php5.c index 7572b6f5cb..24ff7147df 100644 --- a/sapi/apache_hooks/mod_php5.c +++ b/sapi/apache_hooks/mod_php5.c @@ -587,7 +587,7 @@ static void init_request_info(TSRMLS_D) SG(request_info).request_method = (char *)r->method; SG(request_info).proto_num = r->proto_num; SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); SG(sapi_headers).http_response_code = r->status; if (r->headers_in) { diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 0e108af6fa..6f5479bd16 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1353,7 +1353,7 @@ static void init_request_info(TSRMLS_D) /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC); SG(request_info).content_type = (content_type ? content_type : "" ); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); /* The CGI RFC allows servers to pass on unvalidated Authorization data */ auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION")-1 TSRMLS_CC); diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index a0249405ac..f6fdc6e8b9 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -1332,7 +1332,7 @@ static void init_request_info(TSRMLS_D) /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING") - 1 TSRMLS_CC); SG(request_info).content_type = (content_type ? content_type : "" ); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); /* The CGI RFC allows servers to pass on unvalidated Authorization data */ auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION") - 1 TSRMLS_CC); |