Fixed bug #39623 (thread safety fixes on *nix for putenv() & mime_magic).

2 files changed, 5 insertions, 4 deletions

diff --git a/ext/mime_magic/mime_magic.c b/ext/mime_magic/mime_magic.c
index b34418ef5d..d4ef4dbec0 100644
--- a/ext/mime_magic/mime_magic.c
+++ b/ext/mime_magic/mime_magic.c
@@ -1388,6 +1388,7 @@ static int ascmagic(unsigned char *buf, int nbytes)
     char *token;
     register struct names *p;
     int small_nbytes;
+    char *strtok_buf = NULL;
 
     /* these are easy, do them first */
 
@@ -1420,8 +1421,7 @@ static int ascmagic(unsigned char *buf, int nbytes)
     s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
     s[small_nbytes] = '\0';
     has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
-    /* XXX: not multithread safe */
-    while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
+    while ((token = php_strtok_r((char *) s, " \t\n\r\f", &strtok_buf)) != NULL) {
 		s = NULL;		/* make strtok() keep on tokin' */
 		for (p = names; p < names + NNAMES; p++) {
 			if (STREQ(p->name, token)) {
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index ce939e1ada..49754349a8 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -4398,7 +4398,8 @@ PHP_FUNCTION(putenv)
 			/* Check the allowed list */
 			if (BG(sm_allowed_env_vars) && *BG(sm_allowed_env_vars)) {
 				char *allowed_env_vars = estrdup(BG(sm_allowed_env_vars));
-				char *allowed_prefix = strtok(allowed_env_vars, ", ");
+				char *strtok_buf = NULL;
+				char *allowed_prefix = php_strtok_r(allowed_env_vars, ", ", &strtok_buf);
 				zend_bool allowed = 0;
 
 				while (allowed_prefix) {
@@ -4406,7 +4407,7 @@ PHP_FUNCTION(putenv)
 						allowed = 1;
 						break;
 					}
-					allowed_prefix = strtok(NULL, ", ");
+					allowed_prefix = php_strtok_r(NULL, ", ", &strtok_buf);
 				}
 				efree(allowed_env_vars);
 				if (!allowed) {