summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Esser <sesser@php.net>2003-02-11 21:41:32 +0000
committerStefan Esser <sesser@php.net>2003-02-11 21:41:32 +0000
commitd2c550e991cbd0eeaa76df0163b09626763fe45f (patch)
tree5987106566769ecc34d443eb61583f01fd3a66fd
parentfdba676769b835f6c05eacfd73d2d42b943196f0 (diff)
downloadphp-git-d2c550e991cbd0eeaa76df0163b09626763fe45f.tar.gz
8 + 20 + 1 + 1 = 30
There was no Bufferoverflow on 64bit systems. And the "fix" broke the header code on systems with old style snprintf.
Diffstat
-rw-r--r--main/SAPI.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/main/SAPI.c b/main/SAPI.c
index dedd65c462..692a52a919 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -619,18 +619,14 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
0, &result_len, -1 TSRMLS_CC);
if(result_len==ptr_len) {
char *lower_temp = estrdup(ptr);
- char conv_temp[64];
+ char conv_temp[32];
int conv_len;
php_strtolower(lower_temp,strlen(lower_temp));
/* If there is no realm string at all, append one */
if(!strstr(lower_temp,"realm")) {
efree(result);
- conv_len = snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
- /* some broken snprintf() impls may return a negative value on failure */
- if (conv_len < 0) {
- conv_len = 0;
- }
+ conv_len = sprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
result = emalloc(ptr_len+conv_len+1);
result_len = ptr_len+conv_len;
memcpy(result, ptr, ptr_len);
@@ -653,7 +649,7 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
#else
{
myuid = php_getuid();
- result = emalloc(32);
+ result = emalloc(sizeof("WWW-Authenticate: ")+20);
newlen = sprintf(result, "WWW-Authenticate: %ld", myuid);
newheader = estrndup(result,newlen);
efree(header_line);
View Lorry Controller Status