diff options
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | sapi/cli/php_cli_server.c | 5 | ||||
-rw-r--r-- | sapi/cli/tests/bug61977.phpt | 2 | ||||
-rw-r--r-- | sapi/cli/tests/bug68745.phpt | 34 | ||||
-rw-r--r-- | sapi/cli/tests/php_cli_server.inc | 9 | ||||
-rw-r--r-- | sapi/cli/tests/php_cli_server_009.phpt | 2 | ||||
-rw-r--r-- | sapi/cli/tests/php_cli_server_010.phpt | 2 | ||||
-rw-r--r-- | sapi/cli/tests/php_cli_server_013.phpt | 2 | ||||
-rw-r--r-- | sapi/cli/tests/php_cli_server_014.phpt | 2 |
9 files changed, 51 insertions, 10 deletions
@@ -22,6 +22,9 @@ - CGI: . Fix bug #68618 (out of bounds read crashes php-cgi). (Stas) +- CLI server: + . Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam) + - cURL: . Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index f7f1c2bae0..8bfe6772f0 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char { char *new_val = (char *)val; uint new_val_len; + + if (NULL == val) { + return; + } + if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) { php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC); } diff --git a/sapi/cli/tests/bug61977.phpt b/sapi/cli/tests/bug61977.phpt index 09a6ba6d23..d897737c3c 100644 --- a/sapi/cli/tests/bug61977.phpt +++ b/sapi/cli/tests/bug61977.phpt @@ -7,7 +7,7 @@ include "skipif.inc"; --FILE-- <?php include "php_cli_server.inc"; -php_cli_server_start('<?php ?>', true); +php_cli_server_start('<?php ?>', null); /* * If a Mime Type is added in php_cli_server.c, add it to this array and update diff --git a/sapi/cli/tests/bug68745.phpt b/sapi/cli/tests/bug68745.phpt new file mode 100644 index 0000000000..733d7d0900 --- /dev/null +++ b/sapi/cli/tests/bug68745.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #68745 (Invalid HTTP requests make web server segfault) +--SKIPIF-- +<?php +include "skipif.inc"; +?> +--FILE-- +<?php +include "php_cli_server.inc"; +php_cli_server_start('var_dump(count($_SERVER));', 'not-index.php'); + +list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); +$port = intval($port)?:80; + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} + +if(fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n")) { + while (!feof($fp)) { + echo fgets($fp); + } +} + +fclose($fp); +?> +--EXPECTF-- +HTTP/1.1 200 OK +Connection: close +X-Powered-By: %s +Content-type: text/html; charset=UTF-8 + +int(%d) diff --git a/sapi/cli/tests/php_cli_server.inc b/sapi/cli/tests/php_cli_server.inc index 77a79e0f04..6b1e90c4dc 100644 --- a/sapi/cli/tests/php_cli_server.inc +++ b/sapi/cli/tests/php_cli_server.inc @@ -3,13 +3,12 @@ define ("PHP_CLI_SERVER_HOSTNAME", "localhost"); define ("PHP_CLI_SERVER_PORT", 8964); define ("PHP_CLI_SERVER_ADDRESS", PHP_CLI_SERVER_HOSTNAME.":".PHP_CLI_SERVER_PORT); -function php_cli_server_start($code = 'echo "Hello world";', $no_router = FALSE, $cmd_args = null) { +function php_cli_server_start($code = 'echo "Hello world";', $router = 'index.php', $cmd_args = null) { $php_executable = getenv('TEST_PHP_EXECUTABLE'); $doc_root = __DIR__; - $router = "index.php"; if ($code) { - file_put_contents($doc_root . '/' . $router, '<?php ' . $code . ' ?>'); + file_put_contents($doc_root . '/' . ($router ?: 'index.php'), '<?php ' . $code . ' ?>'); } $descriptorspec = array( @@ -20,14 +19,14 @@ function php_cli_server_start($code = 'echo "Hello world";', $no_router = FALSE, if (substr(PHP_OS, 0, 3) == 'WIN') { $cmd = "{$php_executable} -t {$doc_root} -n {$cmd_args} -S " . PHP_CLI_SERVER_ADDRESS; - if (!$no_router) { + if (!is_null($router)) { $cmd .= " {$router}"; } $handle = proc_open(addslashes($cmd), $descriptorspec, $pipes, $doc_root, NULL, array("bypass_shell" => true, "suppress_errors" => true)); } else { $cmd = "exec {$php_executable} -t {$doc_root} -n {$cmd_args} -S " . PHP_CLI_SERVER_ADDRESS; - if (!$no_router) { + if (!is_null($router)) { $cmd .= " {$router}"; } $cmd .= " 2>/dev/null"; diff --git a/sapi/cli/tests/php_cli_server_009.phpt b/sapi/cli/tests/php_cli_server_009.phpt index 231797160f..7f3009b9bd 100644 --- a/sapi/cli/tests/php_cli_server_009.phpt +++ b/sapi/cli/tests/php_cli_server_009.phpt @@ -10,7 +10,7 @@ include "skipif.inc"; --FILE-- <?php include "php_cli_server.inc"; -php_cli_server_start('var_dump($_SERVER["PATH_INFO"]);', TRUE); +php_cli_server_start('var_dump($_SERVER["PATH_INFO"]);', null); list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); $port = intval($port)?:80; diff --git a/sapi/cli/tests/php_cli_server_010.phpt b/sapi/cli/tests/php_cli_server_010.phpt index 30e6d047a7..ce3abeb501 100644 --- a/sapi/cli/tests/php_cli_server_010.phpt +++ b/sapi/cli/tests/php_cli_server_010.phpt @@ -7,7 +7,7 @@ include "skipif.inc"; --FILE-- <?php include "php_cli_server.inc"; -php_cli_server_start('var_dump($_SERVER["PHP_SELF"], $_SERVER["SCRIPT_NAME"], $_SERVER["PATH_INFO"], $_SERVER["QUERY_STRING"]);', TRUE); +php_cli_server_start('var_dump($_SERVER["PHP_SELF"], $_SERVER["SCRIPT_NAME"], $_SERVER["PATH_INFO"], $_SERVER["QUERY_STRING"]);', null); list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); $port = intval($port)?:80; diff --git a/sapi/cli/tests/php_cli_server_013.phpt b/sapi/cli/tests/php_cli_server_013.phpt index 0e3f4ff74f..3ea3ea9cad 100644 --- a/sapi/cli/tests/php_cli_server_013.phpt +++ b/sapi/cli/tests/php_cli_server_013.phpt @@ -7,7 +7,7 @@ include "skipif.inc"; --FILE-- <?php include "php_cli_server.inc"; -php_cli_server_start(NULL, TRUE); +php_cli_server_start(NULL, NULL); list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); $port = intval($port)?:80; diff --git a/sapi/cli/tests/php_cli_server_014.phpt b/sapi/cli/tests/php_cli_server_014.phpt index e8bb5fa8a2..4f812e2f63 100644 --- a/sapi/cli/tests/php_cli_server_014.phpt +++ b/sapi/cli/tests/php_cli_server_014.phpt @@ -7,7 +7,7 @@ include "skipif.inc"; --FILE-- <?php include "php_cli_server.inc"; -php_cli_server_start('echo done, "\n";', TRUE); +php_cli_server_start('echo done, "\n";', null); list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); $port = intval($port)?:80; |