summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIlia Alshanetsky <iliaa@php.net>2008-02-28 00:29:29 +0000
committerIlia Alshanetsky <iliaa@php.net>2008-02-28 00:29:29 +0000
commit9c3f699ed8dbe9f317255855a4201f50df335858 (patch)
tree975f2d75e230b12a69d3874beff5b4aa12c5fc8b
parent0c0fb4be83407cebff49010bf39415ac4a1c39d2 (diff)
downloadphp-git-9c3f699ed8dbe9f317255855a4201f50df335858.tar.gz
Fixed security issue detailed in CVE-2008-0599
Diffstat
-rw-r--r--NEWS3
-rw-r--r--sapi/cgi/cgi_main.c2
2 files changed, 3 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 3305e03bd3..675d9e1664 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2008, PHP 5.2.6
+27 Feb 2008, PHP 5.2.6RC1
+- Fixed security issue detailed in CVE-2008-0599. (Rasmus)
- Fixed potential memleak in stream filter parameter for zlib filter (Greg)
- Added Reflection API metadata for the methods of the DOM classes. (Sebastian)
- Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 660df6336e..e9cfe31403 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1017,7 +1017,7 @@ static void init_request_info(TSRMLS_D)
) {
/* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
int ptlen = strlen(pt) - strlen(env_script_name);
- int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
+ int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
char *path_translated = NULL;
path_translated = (char *) emalloc(path_translated_len + 1);
View Lorry Controller Status