From d7d0d0724c5de6397a4c9999568bc1fd7105ef5f Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Thu, 3 Nov 2011 07:26:09 +0000
Subject: Fixed bug #60206 (possible integer overflow in content_length)

---
 sapi/apache2handler/sapi_apache2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sapi/apache2handler/sapi_apache2.c')

diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
index a7f250d512..bb772b24c1 100644
--- a/sapi/apache2handler/sapi_apache2.c
+++ b/sapi/apache2handler/sapi_apache2.c
@@ -483,7 +483,7 @@ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC)
 	r->no_local_copy = 1;
 
 	content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
-	SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+	SG(request_info).content_length = (content_length ? atol(content_length) : 0);
 
 	apr_table_unset(r->headers_out, "Content-Length");
 	apr_table_unset(r->headers_out, "Last-Modified");
-- 
cgit v1.2.1