Security fix: Put '\0' string termination before loop

author Uwe Schindler <thetaphi@php.net>

Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)

committer Uwe Schindler <thetaphi@php.net>

Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)
author Uwe Schindler <thetaphi@php.net>
Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)
committer Uwe Schindler <thetaphi@php.net>
Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c

index 6ead0b747c48a1920460f0b048ea24bf1477bf0f..1855412262d1ccb8f8834608ab26987ebe63a1f7 100644 (file)
--- a/sapi/nsapi/nsapi.c
+++ b/sapi/nsapi/nsapi.c
@@ -617,13 +617,13 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D
                 while (entry) {
                         if (!PG(safe_mode) || strncasecmp(entry->param->name, "authorization", 13)) {
                                 snprintf(buf, NS_BUF_SIZE, "HTTP_%s", entry->param->name);
+                               buf[NS_BUF_SIZE]='\0';
                                 for(p = buf + 5; *p; p++) {
                                         *p = toupper(*p);
                                         if (*p < 'A' || *p > 'Z') {
                                                 *p = '_';
                                         }
                                 }
-                               buf[NS_BUF_SIZE]='\0';
                                 php_register_variable(buf, entry->param->value, track_vars_array TSRMLS_CC);
                         }
                         entry=entry->next;
author	Uwe Schindler <thetaphi@php.net>
	Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)
committer	Uwe Schindler <thetaphi@php.net>
	Mon, 3 May 2004 12:23:25 +0000 (12:23 +0000)