diff options
| author | Stanislav Malyshev <stas@php.net> | 2012-05-07 12:24:22 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2012-05-08 10:19:23 -0700 |
| commit | 20364bcff9f38bed83245d785cc8ec3a072e4da5 (patch) | |
| tree | 2da06a0fcf2a1654edc9d360f0df4bccffdbd6f9 /sapi/cgi/tests | |
| parent | 0b4d7a455d8f2bffaa9c4f9cbd7aff8e3e740fe8 (diff) | |
| download | php-git-20364bcff9f38bed83245d785cc8ec3a072e4da5.tar.gz | |
fix bug #61807 - Buffer Overflow in apache_request_headers
Diffstat (limited to 'sapi/cgi/tests')
| -rw-r--r-- | sapi/cgi/tests/apache_request_headers.phpt | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt new file mode 100644 index 0000000000..37e077e949 --- /dev/null +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -0,0 +1,49 @@ +--TEST-- +apache_request_headers() stack overflow. +--SKIPIF-- +<?php +include "skipif.inc"; +?> +--FILE-- +<?php +include "include.inc"; + +$php = get_cgi_path(); +reset_env_vars(); + +$file = dirname(__FILE__)."/012.test.php"; + +file_put_contents($file, '<?php print_r(apache_request_headers()); ?>'); + +passthru("$php $file"); + +$names = array('HTTP_X_TEST', 'HTTP_X__TEST', 'HTTP_X_'); +foreach ($names as $name) { + putenv($name."=".str_repeat("A", 256)); + passthru("$php -q $file"); + putenv($name); +} +unlink($file); + +echo "Done\n"; +?> +--EXPECTF-- +X-Powered-By: PHP/%s +Content-type: text/html + +Array +( +) +Array +( + [X-Test] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +) +Array +( + [X--Test] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +) +Array +( + [X-] => AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +) +Done |