fixing some crashbugs that can be triggered with bogus uploads.
authorStefan Esser <sesser@php.net>
Wed, 5 Jun 2002 11:28:33 +0000 (11:28 +0000)
committerStefan Esser <sesser@php.net>
Wed, 5 Jun 2002 11:28:33 +0000 (11:28 +0000)
main/rfc1867.c

index 35252daaf03b93ed05398092bee27e9a3c3b581b..a89f32762821dc8095fa23747adbfe22dd6e329d 100644 (file)
@@ -354,6 +354,8 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
                        entry.value[cur_len + prev_len] = '\0';
 
                        entry.key = estrdup(prev_entry.key);
+               } else {
+                       continue;
                }
 
                zend_llist_add_element(header, &entry);
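Review bot: The new `else { continue; }` silently drops a line that has no ':' and no earlier header to fold it into, and nothing in the code records why. A comment on the branch such as `/* continuation line with no previous header: skip it, entry was never filled in */` would make the intent clear; that `entry` is unset on this path is inferred from the two visible branches, since the loop starts outside the hunk. Separately, the continuation branch above builds a merged value and then falls through to `zend_llist_add_element`, with no removal of the earlier element visible here. The list may therefore hold both the partial and the merged header under the same key, so it is worth confirming which one a header lookup returns.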
@@ -706,15 +708,21 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 
                        /* If file_uploads=off, skip the file part */
                        if (!PG(file_uploads)) {
-                               efree(filename);
-                               if (param) efree(param);
+                               if (filename) {
+                                       efree(filename);
+                               }
+                               if (param) {
+                                       efree(param);
+                               }
                                continue;
                        }
 
                        /* Return with an error if the posted data is garbled */
                        if (!param) {
                                sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
-                               efree(filename);
+                               if (filename) {
+                                       efree(filename);
+                               }
                                SAFE_RETURN;
                        }
 
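Review bot: The `if (filename)` and `if (param)` guards before `efree` are only sound if both pointers are reset to NULL for every multipart part, and that initialisation lies outside this hunk. In the `file_uploads` branch the code frees and then `continue`s, so if the pointers are declared outside the loop and not reassigned first, the next part would pass the guard with a stale pointer and free it a second time. If that is the case, add `filename = NULL;` and `param = NULL;` directly after the respective `efree` calls. Otherwise a short comment at the declarations, noting that these guards depend on the per-iteration NULL initialisation, would keep a later refactor from breaking them.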
@@ -824,7 +832,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
                        s = NULL;
        
                        /* Possible Content-Type: */
-                       if (!(cd = php_mime_get_hdr_value(header, "Content-Type")) || filename == "") {
+                       if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) {
                                cd = "";
                        } else { 
                                /* fix for Opera 6.01 */
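Review bot: Replacing `filename == ""` with `cancel_upload` drops the empty-filename case rather than repairing it. The old test compared pointers, not contents, so it effectively never matched, but the new condition no longer looks at `filename` at all. Whether an empty filename sets `cancel_upload` is decided outside this hunk, so it is not visible here that Content-Type is still ignored for that case. If it is not, the condition would need to be `if (cancel_upload || !filename || !*filename || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) {`, with the NULL test because the earlier hunk in this commit treats `filename` as possibly NULL. Either way, a comment such as `/* no Content-Type lookup for a cancelled upload */` above the test would document the intent.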