diff options
author | Stanislav Malyshev <stas@php.net> | 2018-02-26 22:26:55 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2018-02-26 22:26:55 -0800 |
commit | ab9f9b5d3bfe12d13a06120e34ceb552659cb7da (patch) | |
tree | df17d9a7af4c9d88f0622cfe2ddf71048a7132e6 /ext/standard/tests | |
parent | feef20271821c98d777b242d1cc62a794f857a7a (diff) | |
parent | a6f7760d57ac54498f8ed4a86bf174f0c9f960ad (diff) | |
download | php-git-ab9f9b5d3bfe12d13a06120e34ceb552659cb7da.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix bug #75981: prevent reading beyond buffer start
Diffstat (limited to 'ext/standard/tests')
-rw-r--r-- | ext/standard/tests/http/bug75981.phpt | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/ext/standard/tests/http/bug75981.phpt b/ext/standard/tests/http/bug75981.phpt new file mode 100644 index 0000000000..d415de66b9 --- /dev/null +++ b/ext/standard/tests/http/bug75981.phpt @@ -0,0 +1,32 @@ +--TEST-- +Bug #75981 (stack-buffer-overflow while parsing HTTP response) +--INI-- +allow_url_fopen=1 +--SKIPIF-- +<?php require 'server.inc'; http_server_skipif('tcp://127.0.0.1:12342'); ?> +--FILE-- +<?php +require 'server.inc'; + +$options = [ + 'http' => [ + 'protocol_version' => '1.1', + 'header' => 'Connection: Close' + ], +]; + +$ctx = stream_context_create($options); + +$responses = [ + "data://text/plain,000000000100\xA\xA" +]; +$pid = http_server('tcp://127.0.0.1:12342', $responses); + +echo @file_get_contents('http://127.0.0.1:12342/', false, $ctx); + +http_server_kill($pid); + +?> +DONE +--EXPECT-- +DONE |