Fixed a possible crash when PATH_INFO is not provided but the path contains
authorIlia Alshanetsky <iliaa@php.net>
Sun, 20 May 2007 15:56:10 +0000 (15:56 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sun, 20 May 2007 15:56:10 +0000 (15:56 +0000)
path info information

sapi/cgi/cgi_main.c
sapi/cgi/tests/009.phpt [new file with mode: 0644]

index b59a3994aa42e4b093c0377e9843efa9ced360da..4f28378e6ac0f79f5307606024ba19c3686a7f1a 100644 (file)
@@ -825,8 +825,8 @@ static void init_request_info(TSRMLS_D)
                                                 * out what SCRIPT_NAME should be
                                                 */
                                                int slen = len - strlen(pt);
-                                               int pilen = strlen(env_path_info);
-                                               char *path_info = env_path_info + pilen - slen;
+                                               int pilen = env_path_info ? strlen(env_path_info) : 0;
+                                               char *path_info = env_path_info ? env_path_info + pilen - slen : NULL;
 
                                                if (orig_path_info != path_info) {
                                                        if (orig_path_info) {
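Review bot: `env_path_info + pilen - slen` is computed without checking that slen does not exceed pilen, so the NULL guard added here still allows path_info to point before the start of the PATH_INFO string. Nothing visible in the hunk bounds slen (it comes from `len - strlen(pt)`), so the guard should probably be `char *path_info = (env_path_info && pilen >= slen) ? env_path_info + pilen - slen : NULL;`. init_request_info's body starts and ends outside the hunk, so an earlier check may exist that I cannot see.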
@@ -866,10 +866,12 @@ static void init_request_info(TSRMLS_D)
                                                        env_script_name = pt + l;
 
                                                        /* PATH_TRANSATED = DOCUMENT_ROOT + PATH_INFO */
-                                                       path_translated_len = l + strlen(env_path_info);
+                                                       path_translated_len = l + (env_path_info ? strlen(env_path_info) : 0);
                                                        path_translated = (char *) emalloc(path_translated_len + 1);
                                                        memcpy(path_translated, env_document_root, l);
-                                                       memcpy(path_translated + l, env_path_info, (path_translated_len - l));
+                                                       if (env_path_info) {
+                                                               memcpy(path_translated + l, env_path_info, (path_translated_len - l));
+                                                       }
                                                        path_translated[path_translated_len] = '\0';
                                                        if (orig_path_translated) {
                                                                _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
@@ -881,12 +883,14 @@ static void init_request_info(TSRMLS_D)
                                                ) {
                                                        /* PATH_TRANSATED = PATH_TRANSATED - SCRIPT_NAME + PATH_INFO */
                                                        int ptlen = strlen(pt) - strlen(env_script_name);
-                                                       int path_translated_len = ptlen + strlen(env_path_info);
+                                                       int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
                                                        char *path_translated = NULL;
 
                                                        path_translated = (char *) emalloc(path_translated_len + 1);
                                                        memcpy(path_translated, pt, ptlen);
-                                                       memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen);
+                                                       if (env_path_info) {
+                                                               memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen);
+                                                       }
                                                        path_translated[path_translated_len] = '\0';
                                                        if (orig_path_translated) {
                                                                _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
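Review bot: The new initializer `int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;` is missing parentheses: `+` binds tighter than `?:`, so it evaluates as `(ptlen + env_path_info) ? strlen(env_path_info) : 0`. With PATH_INFO unset and ptlen non-zero the condition is still true and strlen() receives NULL, which is the crash this commit is meant to remove; with PATH_INFO set, the length drops ptlen, so the emalloc() below is too small for `memcpy(path_translated, pt, ptlen)` and `path_translated_len - ptlen` can go negative before it is used as a copy size. It should read `int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);`, matching the parenthesised form already used in the second hunk. The enclosing block starts and ends outside the hunk.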
diff --git a/sapi/cgi/tests/009.phpt b/sapi/cgi/tests/009.phpt
new file mode 100644 (file)
index 0000000..c92fc87
--- /dev/null
@@ -0,0 +1,28 @@
+--TEST--
+path info request without exported PATH_INFO
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+include "include.inc";
+
+$php = get_cgi_path();
+reset_env_vars();
+
+$f = tempnam(sys_get_temp_dir(), 'cgitest');
+
+putenv("TRANSLATED_PATH=".$f."/x");
+putenv("SCRIPT_FILENAME=".$f."/x");
+file_put_contents($f, '<?php var_dump($_SERVER["TRANSLATED_PATH"]); ');
+
+echo (`$php $f`);
+
+echo "Done\n";
+?>
+--EXPECTF--
+X-Powered-By: PHP/%s
+Content-type: text/html
+
+string(%d) "%s/x"
+Done
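Review bot: The file created by `tempnam()` is never removed, so each run leaves a `cgitest*` file in the system temp directory; add `unlink($f);` before `echo "Done\n";`. The command in backticks interpolates `$php` and `$f` unquoted, which breaks if either path contains spaces; wrapping both in `escapeshellarg()` would make it robust. The test sets and dumps `TRANSLATED_PATH` rather than `PATH_TRANSLATED`, so it appears to check only that the CGI binary does not crash, not the recomputed value; a short comment saying so would help if that is intentional.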