- Fix #51688, ini per dir crashes when invalid document root are given

diff --git a/NEWS b/NEWS
index 9c9a40df469a285771af899cb9eca452046b0f1d..50c70a4b884fd6b12da3696ebbdb45d9071ad5bc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,8 @@ PHP                                                                        NEWS
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
 
+- Fixed bug #51688 (ini per dir crashes when invalid document root  are given).
+  (Pierre)
 - Fixed bug #51671 (imagefill does not work correctly for small images).
   (Pierre)
 - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 90158fb6169aa027ab653673d8b07c60fd464308..4c7d020a502cce516b68ae35f93fb999e2f66c9b 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -735,6 +735,10 @@ static void php_cgi_ini_activate_user_config(char *path, int path_len, const cha
 
                if (!IS_ABSOLUTE_PATH(path, path_len)) {
                        real_path = tsrm_realpath(path, NULL TSRMLS_CC);
+                       /* see #51688, looks like we may get invalid path as doc root using cgi with apache */
+                       if (real_path == NULL) {
+                               return;
+                       }
                        real_path_len = strlen(real_path);
                        path = real_path;
                        path_len = real_path_len;