diff options
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | sapi/cgi/fastcgi.c | 2 |
2 files changed, 5 insertions, 2 deletions
@@ -3,10 +3,10 @@ ?? Feb 2015, PHP 5.6.6 - Core: - . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname - buffer overflow). (Stas) . Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com) + . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname + buffer overflow). (Stas) - Dba: . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) @@ -23,6 +23,7 @@ gifs). (Anatol) - FPM: + . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle) . Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence) diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c index 98d503ec72..b79fbfac4b 100644 --- a/sapi/cgi/fastcgi.c +++ b/sapi/cgi/fastcgi.c @@ -998,6 +998,7 @@ static int fcgi_read_request(fcgi_request *req) q = req->env.list; while (q != NULL) { if (zend_hash_find(&fcgi_mgmt_vars, q->var, q->var_len, (void**) &value) != SUCCESS) { + q = q->list_next; continue; } zlen = Z_STRLEN_PP(value); @@ -1024,6 +1025,7 @@ static int fcgi_read_request(fcgi_request *req) p += q->var_len; memcpy(p, Z_STRVAL_PP(value), zlen); p += zlen; + q = q->list_next; } len = p - buf - sizeof(fcgi_header); len += fcgi_make_header((fcgi_header*)buf, FCGI_GET_VALUES_RESULT, 0, len); |