- Fixed possible stack buffer overflow in FastCGI SAPI. (Andrey Nigmatulin)

- Fixed sending of uninitialized paddings which may contain some information. (Andrey Nigmatulin)
author: Dmitry Stogov <dmitry@php.net> 2008-04-03 10:24:58 +0000
committer: Dmitry Stogov <dmitry@php.net> 2008-04-03 10:24:58 +0000
commit: 9e4d03885eb7d42b6fdb40882d17db2c13cd9b5a (patch)
tree: 27b92e38fa7338dfd53f23f9470ffd776afb0904 /sapi/cgi/fastcgi.c
parent: d9253f7424f35b6736866477896700e419e2edd9 (diff)
download: php-git-9e4d03885eb7d42b6fdb40882d17db2c13cd9b5a.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index ceb5edea9e..ed9afcea83 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -593,6 +593,9 @@ static inline int fcgi_make_header(fcgi_header *hdr, fcgi_request_type type, int
 	hdr->reserved = 0;
 	hdr->type = type;
 	hdr->version = FCGI_VERSION_1;
+	if (pad) {
+		memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
+	}
 	return pad;
 }
 
@@ -777,7 +780,7 @@ int fcgi_read(fcgi_request *req, char *str, int len)
 {
 	int ret, n, rest;
 	fcgi_header hdr;
-	unsigned char buf[8];
+	unsigned char buf[255];
 
 	n = 0;
 	rest = len;
author	Dmitry Stogov <dmitry@php.net>	2008-04-03 10:24:58 +0000
committer	Dmitry Stogov <dmitry@php.net>	2008-04-03 10:24:58 +0000
commit	9e4d03885eb7d42b6fdb40882d17db2c13cd9b5a (patch)
tree	27b92e38fa7338dfd53f23f9470ffd776afb0904 /sapi/cgi/fastcgi.c
parent	d9253f7424f35b6736866477896700e419e2edd9 (diff)
download	php-git-9e4d03885eb7d42b6fdb40882d17db2c13cd9b5a.tar.gz