diff options
author | Jakub Zelenka <bukka@php.net> | 2018-03-18 19:16:30 +0000 |
---|---|---|
committer | Jakub Zelenka <bukka@php.net> | 2018-03-30 17:20:19 +0100 |
commit | 0be5b9e6b046ae8f18bcddda49d3b49b8a199663 (patch) | |
tree | d8d716b03a0482cb4171b467c578bb74868428bd | |
parent | 008eb1461c6d64d58413af2b4a43a8e7391c545e (diff) | |
download | php-git-0be5b9e6b046ae8f18bcddda49d3b49b8a199663.tar.gz |
Prevent modifying of getenv result
-rw-r--r-- | sapi/fpm/fpm/fpm_sockets.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/sapi/fpm/fpm/fpm_sockets.c b/sapi/fpm/fpm/fpm_sockets.c index c1049b577a..de0f479afc 100644 --- a/sapi/fpm/fpm/fpm_sockets.c +++ b/sapi/fpm/fpm/fpm_sockets.c @@ -348,6 +348,7 @@ int fpm_sockets_init_main() /* {{{ */ unsigned i, lq_len; struct fpm_worker_pool_s *wp; char sockname[32]; + char sockpath[256]; char *inherited; struct listening_socket_s *ls; @@ -363,7 +364,9 @@ int fpm_sockets_init_main() /* {{{ */ sprintf(sockname, "FPM_SOCKETS_%d", i); } inherited = getenv(sockname); - if (!inherited) break; + if (!inherited) { + break; + } while (inherited && *inherited) { char *comma = strchr(inherited, ','); @@ -376,11 +379,17 @@ int fpm_sockets_init_main() /* {{{ */ eq = strchr(inherited, '='); if (eq) { - *eq = '\0'; + int sockpath_len = eq - inherited; + if (sockpath_len > 255) { + /* this should never happen as UDS limit is lower */ + sockpath_len = 255; + } + memcpy(sockpath, inherited, sockpath_len); + sockpath[sockpath_len] = '\0'; fd_no = atoi(eq + 1); - type = fpm_sockets_domain_from_address(inherited); - zlog(ZLOG_NOTICE, "using inherited socket fd=%d, \"%s\"", fd_no, inherited); - fpm_sockets_hash_op(fd_no, 0, inherited, type, FPM_STORE_SOCKET); + type = fpm_sockets_domain_from_address(sockpath); + zlog(ZLOG_NOTICE, "using inherited socket fd=%d, \"%s\"", fd_no, sockpath); + fpm_sockets_hash_op(fd_no, 0, sockpath, type, FPM_STORE_SOCKET); } if (comma) { |