]> granicus.if.org Git - php/commitdiff
Avoid pointer UB in strip_header
authorNikita Popov <nikita.ppv@gmail.com>
Tue, 3 Sep 2019 10:01:56 +0000 (12:01 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Tue, 3 Sep 2019 10:28:18 +0000 (12:28 +0200)
Don't calculate header_start if lc_header_start is NULL, as we're
going to overflow the address space in that case.

ext/standard/http_fopen_wrapper.c

index b01aed1e96ba287be93a19defd5e559e82353a0a..ff0b54798fab85b27ffbb3d5bb610cd6ff379fe8 100644 (file)
@@ -86,11 +86,10 @@ static inline void strip_header(char *header_bag, char *lc_header_bag,
                const char *lc_header_name)
 {
        char *lc_header_start = strstr(lc_header_bag, lc_header_name);
-       char *header_start = header_bag + (lc_header_start - lc_header_bag);
-
        if (lc_header_start
        && (lc_header_start == lc_header_bag || *(lc_header_start-1) == '\n')
        ) {
+               char *header_start = header_bag + (lc_header_start - lc_header_bag);
                char *lc_eol = strchr(lc_header_start, '\n');
                char *eol = header_start + (lc_eol - lc_header_start);