Skip to content
Permalink
Browse files

Handle NULL strings in sapi_cli_server_register_variable().

Fixes bug #68745 (Invalid HTTP requests make web server segfault).
  • Loading branch information...
LawnGnome committed Jan 6, 2015
1 parent 0cc2810 commit 448ef30f75988384b84cdb88bbb3a1a56b9534da
Showing with 42 additions and 0 deletions.
  1. +3 −0 NEWS
  2. +5 −0 sapi/cli/php_cli_server.c
  3. +34 −0 sapi/cli/tests/bug68745.phpt
3 NEWS
@@ -23,6 +23,9 @@ PHP NEWS
- CGI:
. Fix bug #68618 (out of bounds read crashes php-cgi). (Stas)

- CLI server:
. Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:
. Fixed bug #67643 (curl_multi_getcontent returns '' when
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
@@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char
{
char *new_val = (char *)val;
uint new_val_len;

if (NULL == val) {
return;
}

if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) {
php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC);
}
@@ -0,0 +1,34 @@
--TEST--
Bug #68745 (Invalid HTTP requests make web server segfault)
--SKIPIF--
<?php
include "skipif.inc";
?>
--FILE--
<?php
include "php_cli_server.inc";
php_cli_server_start('var_dump(count($_SERVER));', 'not-index.php');
list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
$port = intval($port)?:80;
$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
if (!$fp) {
die("connect failed");
}
if(fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n")) {
while (!feof($fp)) {
echo fgets($fp);
}
}
fclose($fp);
?>
--EXPECTF--
HTTP/1.1 200 OK
Connection: close
X-Powered-By: %s
Content-type: text/html

int(%d)

0 comments on commit 448ef30

Please sign in to comment.
You can’t perform that action at this time.