Skip to content
Browse files

Fix for CVE-2012-1823

  • Loading branch information...
1 parent 704bbb3 commit 29300b1f9dab068d477b241d8fd872e3a7c829b3 @rlerdorf rlerdorf committed with johannes
Showing with 14 additions and 1 deletion.
  1. +14 −1 sapi/cgi/cgi_main.c
View
15 sapi/cgi/cgi_main.c
@@ -70,6 +70,7 @@
#include "php_main.h"
#include "fopen_wrappers.h"
#include "ext/standard/php_standard.h"
+#include "ext/standard/url.h"
#ifdef PHP_WIN32
# include <io.h>
@@ -1507,6 +1508,9 @@ int main(int argc, char *argv[])
#ifndef PHP_WIN32
int status = 0;
#endif
+ char *query_string;
+ char *decoded_query_string;
+ int skip_getopt = 0;
#if 0 && defined(PHP_DEBUG)
/* IIS is always making things more difficult. This allows
@@ -1556,7 +1560,16 @@ int main(int argc, char *argv[])
}
}
- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
+ if(query_string = getenv("QUERY_STRING")) {
+ decoded_query_string = strdup(query_string);
+ php_url_decode(decoded_query_string, strlen(decoded_query_string));
+ if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
+ skip_getopt = 1;
+ }
+ free(decoded_query_string);
+ }
+
+ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
switch (c) {
case 'c':
if (cgi_sapi_module.php_ini_path_override) {

0 comments on commit 29300b1

Please sign in to comment.
Something went wrong with that request. Please try again.