author | Stanislav Malyshev <stas@php.net> | 2014-06-23 00:19:37 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-06-24 10:29:26 -0700 |
commit | 84f9fe0fdcc660d7f2b479b4cd5dd4216e3bc5ff (patch) | |
tree | 0fe895752ae49d443e6dd0983e3ffba286094de0 /ext/standard/info.c | |
parent | b03993dde90b59a6b80ede62a6a268c5b4d390f6 (diff) | |
Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
Diffstat (limited to 'ext/standard/info.c')
-rw-r--r-- | ext/standard/info.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/standard/info.c b/ext/standard/info.c
index 03ced35fb3..0626a7067b 100644
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
 php_info_print_table_start();
 php_info_print_table_header(2, "Variable", "Value");
- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
 php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
 }
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
 php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
 }
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
 php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
 }
- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
 php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
 }
 php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); |
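Review bot: The four `Z_TYPE_PP(data) == IS_STRING` guards are added without a comment, so the call sites do not record why a lookup in the global symbol table needs a type check. These entries come from `EG(symbol_table)`, which a script can presumably overwrite with a non-string value before calling phpinfo(), and `Z_STRVAL_PP` would then read a non-string zval's payload as a `char *`. A one-line comment above the first check, such as `/* symbol table entries are script-writable: only hand real strings to Z_STRVAL_PP */`, would keep the guard from being dropped in a later cleanup. The same lookup-plus-guard is copied four times and could be a loop over the four names or a small static helper, so that a fifth variable cannot be added without the check. The body of php_print_info starts and ends outside this hunk, so any other `Z_STRVAL_PP` uses in it cannot be checked from here and are worth auditing for the same pattern.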