diff options
| author | Uwe Schindler <thetaphi@php.net> | 2004-05-03 12:22:54 +0000 |
|---|---|---|
| committer | Uwe Schindler <thetaphi@php.net> | 2004-05-03 12:22:54 +0000 |
| commit | ba9faa42a01bbf7d89adabf5355807152e946993 (patch) | |
| tree | e1b3592aa23a99835fa44bbd28eb5ef92fd9478e | |
| parent | 164703f306552c4462bab30ae5cb038e0bfe7079 (diff) | |
| download | php-git-ba9faa42a01bbf7d89adabf5355807152e946993.tar.gz | |
Security fix: Put '\0' string termination before loop
| -rw-r--r-- | sapi/nsapi/nsapi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c index 801bccb83c..bc2f82a90a 100644 --- a/sapi/nsapi/nsapi.c +++ b/sapi/nsapi/nsapi.c @@ -617,13 +617,13 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D while (entry) { if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) { snprintf(buf, NS_BUF_SIZE, "HTTP_%s", entry->param->name); + buf[NS_BUF_SIZE]='\0'; for(p = buf + 5; *p; p++) { *p = toupper(*p); if (*p < 'A' || *p > 'Z') { *p = '_'; } } - buf[NS_BUF_SIZE]='\0'; php_register_variable(buf, entry->param->value, track_vars_array TSRMLS_CC); } entry=entry->next; |