diff options
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | sapi/cgi/fastcgi.c | 2 |
2 files changed, 5 insertions, 2 deletions
@@ -3,10 +3,10 @@ PHP NEWS ?? ??? 2015, PHP 5.5.22 - Core: - . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname - buffer overflow). (Stas) . Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com) + . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname + buffer overflow). (Stas) - Date: . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick) @@ -20,6 +20,7 @@ PHP NEWS . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers) - FPM: + . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle) . Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence) diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c index 98d503ec72..b79fbfac4b 100644 --- a/sapi/cgi/fastcgi.c +++ b/sapi/cgi/fastcgi.c @@ -998,6 +998,7 @@ static int fcgi_read_request(fcgi_request *req) q = req->env.list; while (q != NULL) { if (zend_hash_find(&fcgi_mgmt_vars, q->var, q->var_len, (void**) &value) != SUCCESS) { + q = q->list_next; continue; } zlen = Z_STRLEN_PP(value); @@ -1024,6 +1025,7 @@ static int fcgi_read_request(fcgi_request *req) p += q->var_len; memcpy(p, Z_STRVAL_PP(value), zlen); p += zlen; + q = q->list_next; } len = p - buf - sizeof(fcgi_header); len += fcgi_make_header((fcgi_header*)buf, FCGI_GET_VALUES_RESULT, 0, len); |