MF51:

fix bug #37061 (curl_exec() doesn't zero-terminate binary strings) - we get the data length from cURL, so it's binary safe.
fix leak appearing when re-using curl handle

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 87578293d13e911d9935d3d97653324f21d99e0d..a203578712c976c9aa6113e66df65d502ed20967 100644 (file)
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1206,6 +1206,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 
                        if (Z_LVAL_PP(zvalue)) {
                                ch->handlers->write->type = PHP_CURL_BINARY;
+                       } else {
+                               ch->handlers->write->type = PHP_CURL_ASCII;
                        }
                        break;
                case CURLOPT_WRITEFUNCTION:
@@ -1460,7 +1462,7 @@ PHP_FUNCTION(curl_setopt_array)
 void _php_curl_cleanup_handle(php_curl *ch)
 {
        if (ch->handlers->write->buf.len > 0) {
-               memset(&ch->handlers->write->buf, 0, sizeof(smart_str));
+               smart_str_free(&ch->handlers->write->buf);
        }
        if (ch->header.str_len) {
                efree(ch->header.str);
@@ -1495,7 +1497,6 @@ PHP_FUNCTION(curl_exec)
                if (ch->handlers->write->buf.len > 0) {
                        smart_str_free(&ch->handlers->write->buf);
                }
-
                RETURN_FALSE;
        }
 
@@ -1503,10 +1504,8 @@ PHP_FUNCTION(curl_exec)
 
        if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) {
                --ch->uses;
-               if (ch->handlers->write->type != PHP_CURL_BINARY)  {
-                       smart_str_0(&ch->handlers->write->buf);
-               }
-               RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0);
+               smart_str_0(&ch->handlers->write->buf);
+               RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1);
        }
        --ch->uses;
        RETURN_TRUE;
@@ -1737,6 +1736,9 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC)
        zend_llist_clean(&ch->to_free.slist);
        zend_llist_clean(&ch->to_free.post);
 
+       if (ch->handlers->write->buf.len > 0) {
+               smart_str_free(&ch->handlers->write->buf);
+       }
        if (ch->handlers->write->func_name) {
                zval_ptr_dtor(&ch->handlers->write->func_name);
        }
@@ -1752,7 +1754,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC)
        if (ch->header.str_len > 0) {
                efree(ch->header.str);
        }
-
+       
        efree(ch->handlers->write);
        efree(ch->handlers->write_header);
        efree(ch->handlers->read);

diff --git a/ext/curl/multi.c b/ext/curl/multi.c
index d10f188a80c102b4212c801bdbc4acd19a603d20..ef91948a28c9ec39c53bbb4d4d952cc76ddb5ced 100644 (file)
--- a/ext/curl/multi.c
+++ b/ext/curl/multi.c
@@ -195,11 +195,8 @@ PHP_FUNCTION(curl_multi_getcontent)
        ZEND_FETCH_RESOURCE(ch, php_curl *, &z_ch, -1, le_curl_name, le_curl);
 
        if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) {
-               if (ch->handlers->write->type != PHP_CURL_BINARY) {
-                       smart_str_0(&ch->handlers->write->buf);
-               }
-               
-               RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0);
+               smart_str_0(&ch->handlers->write->buf);
+               RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1);
        }
 }