diff options
author | Adam Harvey <aharvey@php.net> | 2015-01-06 01:23:27 +0000 |
---|---|---|
committer | Adam Harvey <aharvey@php.net> | 2015-01-06 01:23:27 +0000 |
commit | 448ef30f75988384b84cdb88bbb3a1a56b9534da (patch) | |
tree | 52c00fc2c4a955775877e217390b5b01a48faa3b | |
parent | 0cc2810498a56e263f2e1dd77f1f42e6c53dc99e (diff) | |
download | php-git-448ef30f75988384b84cdb88bbb3a1a56b9534da.tar.gz |
Handle NULL strings in sapi_cli_server_register_variable().
Fixes bug #68745 (Invalid HTTP requests make web server segfault).
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | sapi/cli/php_cli_server.c | 5 | ||||
-rw-r--r-- | sapi/cli/tests/bug68745.phpt | 34 |
3 files changed, 42 insertions, 0 deletions
@@ -23,6 +23,9 @@ PHP NEWS - CGI: . Fix bug #68618 (out of bounds read crashes php-cgi). (Stas) +- CLI server: + . Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam) + - cURL: . Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index 5e38fa53d3..5bfadf16c4 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char { char *new_val = (char *)val; uint new_val_len; + + if (NULL == val) { + return; + } + if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) { php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC); } diff --git a/sapi/cli/tests/bug68745.phpt b/sapi/cli/tests/bug68745.phpt new file mode 100644 index 0000000000..f52e6bcc74 --- /dev/null +++ b/sapi/cli/tests/bug68745.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #68745 (Invalid HTTP requests make web server segfault) +--SKIPIF-- +<?php +include "skipif.inc"; +?> +--FILE-- +<?php +include "php_cli_server.inc"; +php_cli_server_start('var_dump(count($_SERVER));', 'not-index.php'); + +list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); +$port = intval($port)?:80; + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} + +if(fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n")) { + while (!feof($fp)) { + echo fgets($fp); + } +} + +fclose($fp); +?> +--EXPECTF-- +HTTP/1.1 200 OK +Connection: close +X-Powered-By: %s +Content-type: text/html + +int(%d) |