Security fix: Put '\0' string termination before loop

author: Uwe Schindler <thetaphi@php.net> 2004-05-03 12:23:25 +0000
committer: Uwe Schindler <thetaphi@php.net> 2004-05-03 12:23:25 +0000
commit: b39a1e5195c5c8adc6a2ddd5c233efe3347982f3 (patch)
tree: 1a273430f39acd9976485be84a57d0c570dc5c7e /sapi
parent: fc4500f7ec7bc489824ae9dda5680c4a4a201bc3 (diff)
download: php-git-b39a1e5195c5c8adc6a2ddd5c233efe3347982f3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c
index 6ead0b747c..1855412262 100644
--- a/sapi/nsapi/nsapi.c
+++ b/sapi/nsapi/nsapi.c
@@ -617,13 +617,13 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D
 		while (entry) {
 			if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) {
 				snprintf(buf, NS_BUF_SIZE, "HTTP_%s", entry->param->name);
+				buf[NS_BUF_SIZE]='\0';
 				for(p = buf + 5; *p; p++) {
 					*p = toupper(*p);
 					if (*p < 'A' || *p > 'Z') {
 						*p = '_';
 					}
 				}
-				buf[NS_BUF_SIZE]='\0';
 				php_register_variable(buf, entry->param->value, track_vars_array TSRMLS_CC);
 			}
 			entry=entry->next;
author	Uwe Schindler <thetaphi@php.net>	2004-05-03 12:23:25 +0000
committer	Uwe Schindler <thetaphi@php.net>	2004-05-03 12:23:25 +0000
commit	b39a1e5195c5c8adc6a2ddd5c233efe3347982f3 (patch)
tree	1a273430f39acd9976485be84a57d0c570dc5c7e /sapi
parent	fc4500f7ec7bc489824ae9dda5680c4a4a201bc3 (diff)
download	php-git-b39a1e5195c5c8adc6a2ddd5c233efe3347982f3.tar.gz