Fixed security issue detailed in CVE-2008-0599
authorIlia Alshanetsky <iliaa@php.net>
Thu, 28 Feb 2008 00:29:29 +0000 (00:29 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 28 Feb 2008 00:29:29 +0000 (00:29 +0000)
NEWS
sapi/cgi/cgi_main.c

diff --git a/NEWS b/NEWS
index 3305e03bd36adabd43aea746925746b0ca8fb735..675d9e16643efa2a3bff42ecb5a4f4263ac48277 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2008, PHP 5.2.6
+27 Feb 2008, PHP 5.2.6RC1
+- Fixed security issue detailed in CVE-2008-0599. (Rasmus)
 - Fixed potential memleak in stream filter parameter for zlib filter (Greg)
 - Added Reflection API metadata for the methods of the DOM classes. (Sebastian)
 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
index 660df6336e4a578d1caf611cbb01abc4d9224d82..e9cfe314039b0b12dc99e6f5210e735758b630e5 100644 (file)
@@ -1017,7 +1017,7 @@ static void init_request_info(TSRMLS_D)
                                                ) {
                                                        /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
                                                        int ptlen = strlen(pt) - strlen(env_script_name);
-                                                       int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
+                                                       int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
                                                        char *path_translated = NULL;
 
                                                        path_translated = (char *) emalloc(path_translated_len + 1);
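Review bot: The length arithmetic on the new line still runs in `int` although `strlen()` returns `size_t`, and `ptlen` is a difference that goes negative if `pt` is shorter than `env_script_name`; the result then sizes the `emalloc(path_translated_len + 1)` buffer. The enclosing condition starts above this hunk, so whether it already guarantees `strlen(pt) >= strlen(env_script_name)` cannot be confirmed from here. I would either state that guarantee in a comment beside the subtraction or compute in the unsigned type, `size_t ptlen = strlen(pt) - strlen(env_script_name);` and `size_t path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);`, after checking the later uses of both variables, which fall outside the hunk. A short comment on the ternary, such as `/* parentheses required: ?: binds looser than + */`, would keep a later cleanup from reintroducing the undersized allocation.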