]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 22693d1)
Fix mem leak and invalid frees in rfc1867 post handler
authorArnaud Le Blanc <lbarnaud@php.net>
Sat, 6 Sep 2008 08:22:25 +0000 (08:22 +0000)
committerArnaud Le Blanc <lbarnaud@php.net>
Sat, 6 Sep 2008 08:22:25 +0000 (08:22 +0000)
main/rfc1867.c patch | blob | history

diff --git a/main/rfc1867.c b/main/rfc1867.c
index b0e381b88a204c35158e05f259a84eac6933b0ab..c56d819df5cf42c4dafe0caa4af8cba907778fd5 100644 (file)
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -1300,13 +1300,13 @@ var_done:
                                        if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
                                                unlink(ascii_temp_filename);
                                        }
-                                       efree(ascii_temp_filename);
                                        efree(temp_filename);
                                }
                                temp_filename = EMPTY_STR;
                        } else {
                                zend_u_hash_add(SG(rfc1867_uploaded_files), IS_UNICODE, ZSTR(temp_filename), u_strlen(temp_filename) + 1, &temp_filename, sizeof(UChar *), NULL);
                        }
+                       efree(ascii_temp_filename);
 
                        /* is_arr_upload is true when name of file upload field
                         * ends in [.*]
@@ -1372,7 +1372,7 @@ var_done:
 
                        /* Possible Content-Type: */
                        if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) {
-                               ucd = EMPTY_STR;
+                               ucd = ecalloc(1, UBYTES(1));
                                ucd_len = 0;
                        } else { 
                                ucd = php_ap_to_unicode(cd, strlen(cd), &ucd_len TSRMLS_CC);
@@ -1470,7 +1470,6 @@ var_done:
                                register_u_http_post_files_variable_ex(lbuf, &file_size, http_post_files, 0 TSRMLS_CC);
                        }
                        efree(param);
-                       efree(filename);
                }
        }
 
Unnamed repository; edit this file 'description' to name the repository.