From 8584cc010aaf5dfa9e314d3e8f2eb14aee78225b Mon Sep 17 00:00:00 2001
From: George Wang
Date: Wed, 25 Feb 2015 10:48:19 -0500
Subject: Fixed a bug that header value is not terminated by '\0' when accessed through getenv().
---
 sapi/litespeed/lsapilib.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index 3d1513ac50..baf0db3797 100644
--- a/sapi/litespeed/lsapilib.c
+++ b/sapi/litespeed/lsapilib.c
@@ -1390,10 +1390,12 @@ char * LSAPI_GetHeader_r( LSAPI_Request * pReq, int headerIndex ) off = pReq->m_pHeaderIndex->m_headerOff[ headerIndex ]; if ( !off ) return NULL; - if ( *(pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) - *( pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + if ( *(pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) + { + *( pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + } return pReq->m_pHttpHeader + off; }
@@ -1830,12 +1832,21 @@ ssize_t LSAPI_Write_Stderr_r( LSAPI_Request * pReq, const char * pBuf, size_t le static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) { int i; + char * pValue; for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) { if ( strcmp( name, CGI_HEADERS[i] ) == 0 ) - return pReq->m_pHttpHeader + pReq->m_pHeaderIndex->m_headerOff[i]; + { + pValue = pReq->m_pHttpHeader + + pReq->m_pHeaderIndex->m_headerOff[i]; + if ( *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) != '\0') + { + *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0'; + } + return pValue; + } } } if ( pReq->m_pHeader->m_cntUnknownHeaders > 0 )
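Review bot: In GetHeaderVar the new `*(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0';` writes through an offset and length taken from the request's header index, and nothing in this hunk bounds them against the size of the buffer behind `m_pHttpHeader`; the same holds for the `pCur->valueOff` / `pCur->valueLen` write in the unknown-header branch (third hunk) and for the existing write in LSAPI_GetHeader_r (first hunk). If those fields are not already validated when the request packet is parsed (not visible here), a malformed packet turns this into a one-byte out-of-bounds write, so the parse step should reject any entry whose offset plus length reaches past the end of the header buffer. The known-header branch also duplicates LSAPI_GetHeader_r and could shrink to `return LSAPI_GetHeader_r( pReq, i );`, assuming that function's checks outside the hunk accept every index this loop produces. A comment such as `/* header values are not NUL-terminated in the packet; terminate in place before returning */` would explain why a lookup writes to the request buffer. GetHeaderVar's body continues outside the hunk.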
@@ -1862,7 +1873,15 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name )
 ++p; ++pKey;
 }
 if (( pKey == pKeyEnd )&& (!*p ))
- return pReq->m_pHttpHeader + pCur->valueOff;
+ {
+ pValue = pReq->m_pHttpHeader + pCur->valueOff;
+
+ if ( *(pValue + pCur->valueLen) != '\0')
+ {
+ *(pValue + pCur->valueLen) = '\0';
+ }
+ return pValue;
+ }
 ++pCur;
 }
 }
-- cgit v1.2.1
From d5248f67b58ac3107fec82c5b937fc3f4c89784a Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Mon, 2 Mar 2015 12:27:36 +0300
Subject: Check variable type before its usage as IS_ARRAY.
---
 ext/soap/soap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index eaa57d9032..8790605f8e 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -2884,7 +2884,8 @@ PHP_METHOD(SoapClient, __call)
 }
 /* Add default headers */
- if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS) {
+ if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS &&
+ Z_TYPE_PP(tmp) == IS_ARRAY) {
 HashTable *default_headers = Z_ARRVAL_P(*tmp);
 if (soap_headers) {
 if (!free_soap_headers) {
-- cgit v1.2.1
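Review bot: The `Z_TYPE_PP(tmp) == IS_ARRAY` guard covers only `__default_headers`, while `Z_OBJPROP_P(this_ptr)` is an object property table whose entries can hold any type, for example after a script assignment or when the object comes from unserialized data. Any other property this method fetches from that table and then uses as a specific type needs the same kind of check; those lookups lie outside the hunk and should be audited as part of this fix. The diffstat lists only ext/soap/soap.c, so no regression test accompanies the change; a test that stores a non-array value in `__default_headers` and then makes a call would pin the behaviour. A comment on the condition such as `/* property may have been replaced with a non-array value; skip default headers then */` would record why the type check is there. PHP_METHOD(SoapClient, __call) begins and ends outside the hunk.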