Fixed bug #61461 (missing checks around malloc() calls).
authorIlia Alshanetsky <iliaal@php.net>
Wed, 21 Mar 2012 01:07:08 +0000 (21:07 -0400)
committerIlia Alshanetsky <iliaal@php.net>
Wed, 21 Mar 2012 01:07:08 +0000 (21:07 -0400)
NEWS
sapi/cli/php_cli_server.c

diff --git a/NEWS b/NEWS
index ae0d190913fdccd9ba37cbceff521ba0e7da2ea9..af4f4c928780ce22c4fcd10cabbbe9ac9c47e0c8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP                                                                        NEWS
 ?? ??? 2012, PHP 5.4.1 RC1
 
 - CLI Server:
+  . Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
   . Implemented FR #60850 (Built in web server does not set 
     $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
   . "Connection: close" instead of "Connection: closed" (Gustavo)
index 88f5d78d2024321de74516a1c78aefa13e4ddc95..79ccea37d7a696a84434f0b05f3c3bf26c12c167 100644 (file)
@@ -1281,6 +1281,10 @@ static void php_cli_server_request_translate_vpath(php_cli_server_request *reque
        size_t prev_patch_len;
        int  is_static_file = 0;
 
+       if (!buf) {
+               return;
+       }
+
        memmove(p, document_root, document_root_len);
        p += document_root_len;
        vpath = p;
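Review bot: The added `if (!buf) { return; }` leaves a `void` function, so the caller gets no signal that the path translation was skipped because the allocation failed. The allocation of `buf` and the rest of the body are outside this hunk, so it is only an inference that the request fields normally filled in further down stay unset on this path. Callers should be checked for how they handle a request that was never translated. At minimum the guard deserves a comment such as `/* allocation failed: request is left untranslated, caller must cope with that */`. The `return -1;` paths added in the `php_cli_server_client_read_request_on_body` and `php_cli_server_client_read_request` hunks are equally silent, and a log line there would make out-of-memory failures visible during triage.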
@@ -1536,6 +1540,9 @@ static int php_cli_server_client_read_request_on_body(php_http_parser *parser, c
        php_cli_server_client *client = parser->data;
        if (!client->request.content) {
                client->request.content = pemalloc(parser->content_length, 1);
+               if (!client->request.content) {
+                       return -1;
+               }
                client->request.content_len = 0;
        }
        memmove(client->request.content + client->request.content_len, at, length);
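Review bot: The size in `pemalloc(parser->content_length, 1)` appears to be the length declared by the client, and the added NULL check only covers the case where the allocator refuses it. A large declared length that the allocator does satisfy still reserves that much persistent memory for a single request. A cap ahead of the allocation would bound this, for example `if (parser->content_length > MAX_BODY_LEN) return -1;`, where `MAX_BODY_LEN` is a placeholder for whatever limit the project picks. The `memmove` after the block also depends on `content_len + length` never exceeding `content_length`. No such check is visible here and the function continues outside the hunk, so the parser may already guarantee it, in which case a comment stating that invariant would help.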
@@ -1606,6 +1613,9 @@ static int php_cli_server_client_read_request(php_cli_server_client *client, cha
        }
        if (client->current_header_name) {
                char *header_name = safe_pemalloc(client->current_header_name_len, 1, 1, 1);
+               if (!header_name) {
+                       return -1;
+               }
                memmove(header_name, client->current_header_name, client->current_header_name_len);
                client->current_header_name = header_name;
                client->current_header_name_allocated = 1;