diff options
author | Antony Dovgal <tony2001@php.net> | 2006-04-13 11:26:10 +0000 |
---|---|---|
committer | Antony Dovgal <tony2001@php.net> | 2006-04-13 11:26:10 +0000 |
commit | 65fcbcbdc080eadbce9046c48b99596b0cdf2c71 (patch) | |
tree | e37ecd46d3be99c3797d4e28fd26e385b90a55b2 | |
parent | f897cff4807fe994275ed08429700b5e9decc8e7 (diff) | |
download | php-git-65fcbcbdc080eadbce9046c48b99596b0cdf2c71.tar.gz |
fix bug #37061 (curl_exec() doesn't zero-terminate binary strings) - we get the data length from cURL, so it's binary safe.
fix leak appearing when re-using curl handle
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/curl/interface.c | 16 | ||||
-rw-r--r-- | ext/curl/multi.c | 7 |
3 files changed, 12 insertions, 12 deletions
@@ -1,6 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Apr 2006, PHP 5.1.3 +- Fixed bug #37061 (curl_exec() doesn't zero-terminate binary strings). (Tony) - Fixed bug #37060 (Type of retval of Countable::count() is not checked). (Johannes) - FIxed bug #37059 (oci_bind_by_name() doesn't support RAW and LONG RAW diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 5a4706fb6a..62375483e0 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1208,6 +1208,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu if (Z_LVAL_PP(zvalue)) { ch->handlers->write->type = PHP_CURL_BINARY; + } else { + ch->handlers->write->type = PHP_CURL_ASCII; } break; case CURLOPT_WRITEFUNCTION: @@ -1462,7 +1464,7 @@ PHP_FUNCTION(curl_setopt_array) void _php_curl_cleanup_handle(php_curl *ch) { if (ch->handlers->write->buf.len > 0) { - memset(&ch->handlers->write->buf, 0, sizeof(smart_str)); + smart_str_free(&ch->handlers->write->buf); } if (ch->header.str_len) { efree(ch->header.str); @@ -1497,7 +1499,6 @@ PHP_FUNCTION(curl_exec) if (ch->handlers->write->buf.len > 0) { smart_str_free(&ch->handlers->write->buf); } - RETURN_FALSE; } @@ -1505,10 +1506,8 @@ PHP_FUNCTION(curl_exec) if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) { --ch->uses; - if (ch->handlers->write->type != PHP_CURL_BINARY) { - smart_str_0(&ch->handlers->write->buf); - } - RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0); + smart_str_0(&ch->handlers->write->buf); + RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); } --ch->uses; RETURN_TRUE; @@ -1739,6 +1738,9 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC) zend_llist_clean(&ch->to_free.slist); zend_llist_clean(&ch->to_free.post); + if (ch->handlers->write->buf.len > 0) { + smart_str_free(&ch->handlers->write->buf); + } if (ch->handlers->write->func_name) { zval_ptr_dtor(&ch->handlers->write->func_name); } @@ -1754,7 +1756,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC) if (ch->header.str_len > 0) { efree(ch->header.str); } - + efree(ch->handlers->write); efree(ch->handlers->write_header); efree(ch->handlers->read); diff --git a/ext/curl/multi.c b/ext/curl/multi.c index d10f188a80..ef91948a28 100644 --- a/ext/curl/multi.c +++ b/ext/curl/multi.c @@ -195,11 +195,8 @@ PHP_FUNCTION(curl_multi_getcontent) ZEND_FETCH_RESOURCE(ch, php_curl *, &z_ch, -1, le_curl_name, le_curl); if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) { - if (ch->handlers->write->type != PHP_CURL_BINARY) { - smart_str_0(&ch->handlers->write->buf); - } - - RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0); + smart_str_0(&ch->handlers->write->buf); + RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); } } |