Do not use alloca() where it can be abused through user input.

author: Ilia Alshanetsky <iliaa@php.net> 2004-06-30 01:12:06 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-06-30 01:12:06 +0000
commit: 690ca62dd39fccb050c3fe3e61da531faf483da4 (patch)
tree: 979e6b8cf0464fcea1689dabef6231940212505e /ext/session/mod_mm.c
parent: 0850c7a3482df0fd2a639b2279a7c549f5cddc6a (diff)
download: php-git-690ca62dd39fccb050c3fe3e61da531faf483da4.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index be3b8d29f6..f5bdbb57ae 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -264,7 +264,7 @@ PHP_MINIT_FUNCTION(ps_mm)
 		return FAILURE;
 		
     /* Directory + '/' + File + Module Name + Effective UID + \0 */	
-	ps_mm_path = do_alloca(save_path_len+1+sizeof(PS_MM_FILE)+mod_name_len+strlen(euid)+1);
+	ps_mm_path = emalloc(save_path_len+1+sizeof(PS_MM_FILE)+mod_name_len+strlen(euid)+1);
 	
 	memcpy(ps_mm_path, PS(save_path), save_path_len + 1);
 	if (save_path_len > 0 && ps_mm_path[save_path_len - 1] != DEFAULT_SLASH) {
@@ -277,7 +277,7 @@ PHP_MINIT_FUNCTION(ps_mm)
 	
 	ret = ps_mm_initialize(ps_mm_instance, ps_mm_path);
 		
-	free_alloca(ps_mm_path);
+	efree(ps_mm_path);
    
 	if (ret != SUCCESS) {
 		free(ps_mm_instance);
author	Ilia Alshanetsky <iliaa@php.net>	2004-06-30 01:12:06 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-06-30 01:12:06 +0000
commit	690ca62dd39fccb050c3fe3e61da531faf483da4 (patch)
tree	979e6b8cf0464fcea1689dabef6231940212505e /ext/session/mod_mm.c
parent	0850c7a3482df0fd2a639b2279a7c549f5cddc6a (diff)
download	php-git-690ca62dd39fccb050c3fe3e61da531faf483da4.tar.gz