MFB: Eliminate strcat() usage

     Fixed handling of argv[] for GET

diff --git a/sapi/cgi/README.FastCGI b/sapi/cgi/README.FastCGI
index 3dda295d843342b771f5456f450c1c27cc40201a..57c5fc73779ee568ce6935e2f7f428540649a116 100644 (file)
--- a/sapi/cgi/README.FastCGI
+++ b/sapi/cgi/README.FastCGI
@@ -69,7 +69,7 @@ a line in your config like:
 
 Don't load mod_php, by the way. Make sure it is commented out!
 
-    #LoadModule php5_module /usr/lib/apache/2.0/libphp5.so
+    #LoadModule php6_module /usr/lib/apache/2.0/libphp6.so
 
 Now, we'll create a fcgi-bin directory, just like you would do with normal
 CGI scripts. You'll need to create a directory somewhere to store your

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 4d6c5a836532347be0897107ff58b1881d3cde56..9862f7895fa3364bc9185c49bd3c640f6d86c096 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -836,11 +836,11 @@ static void init_request_info(TSRMLS_D)
                                                        env_script_name = pt + l;
 
                                                        /* PATH_TRANSATED = DOCUMENT_ROOT + PATH_INFO */
-                                                       path_translated_len = l + strlen(env_path_info) + 2;
-                                                       path_translated = (char *) emalloc(path_translated_len);
-                                                       *path_translated = 0;
-                                                       strncat(path_translated, env_document_root, l);
-                                                       strcat(path_translated, env_path_info);
+                                                       path_translated_len = l + strlen(env_path_info);
+                                                       path_translated = (char *) emalloc(path_translated_len + 1);
+                                                       memcpy(path_translated, env_document_root, l);
+                                                       memcpy(path_translated + l, env_path_info, (path_translated_len - l));
+                                                       path_translated[path_translated_len] = '\0';
                                                        if (orig_path_translated) {
                                                                _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
                                                        }
@@ -851,13 +851,13 @@ static void init_request_info(TSRMLS_D)
                                                ) {
                                                        /* PATH_TRANSATED = PATH_TRANSATED - SCRIPT_NAME + PATH_INFO */
                                                        int ptlen = strlen(pt) - strlen(env_script_name);
-                                                       int path_translated_len = ptlen + strlen(env_path_info) + 2;
+                                                       int path_translated_len = ptlen + strlen(env_path_info);
                                                        char *path_translated = NULL;
 
-                                                       path_translated = (char *) emalloc(path_translated_len);
-                                                       *path_translated = 0;
-                                                       strncat(path_translated, pt, ptlen);
-                                                       strcat(path_translated, env_path_info);
+                                                       path_translated = (char *) emalloc(path_translated_len + 1);
+                                                       memcpy(path_translated, pt, ptlen);
+                                                       memcpy(path_translated + ptlen, env_path_info, path_translated_len - ptlen);
+                                                       path_translated[path_translated_len] = '\0';
                                                        if (orig_path_translated) {
                                                                _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
                                                        }
@@ -1559,17 +1559,22 @@ consult the installation file that came with this distribution, or visit \n\
                                   test.php v1=test "v2=hello world!"
                                */
                                if (!SG(request_info).query_string && argc > php_optind) {
+                                       int slen = strlen(PG(arg_separator).input);
                                        len = 0;
                                        for (i = php_optind; i < argc; i++) {
-                                               len += strlen(argv[i]) + 1;
+                                               if (i < (argc - 1)) {
+                                                       len += strlen(argv[i]) + slen;
+                                               } else {
+                                                       len += strlen(argv[i]);
+                                               }
                                        }
 
-                                       s = malloc(len + 1);
+                                       s = malloc(++len + 1);
                                        *s = '\0';                      /* we are pretending it came from the environment  */
-                                       for (i = php_optind, len = 0; i < argc; i++) {
-                                               strcat(s, argv[i]);
+                                       for (i = php_optind; i < argc; i++) {
+                                               strlcat(s, argv[i], len);
                                                if (i < (argc - 1)) {
-                                                       strcat(s, PG(arg_separator).input);
+                                                       strlcat(s, PG(arg_separator).input, len);
                                                }
                                        }
                                        SG(request_info).query_string = s;