improve fix for CVE-2012-1823

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 5c1c55ec154174c8ecdb499343f8fb49ced64f2d..d25cad41645fea0bbe7ac6231b80fc859a0b00d6 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1807,10 +1807,15 @@ int main(int argc, char *argv[])
                }
        }
 
-       if(query_string = getenv("QUERY_STRING")) {
+       if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
+               /* we've got query string that has no = - apache CGI will pass it to command line */
+               unsigned char *p;
                decoded_query_string = strdup(query_string);
                php_url_decode(decoded_query_string, strlen(decoded_query_string));
-               if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
+               for (p = decoded_query_string; *p &&  *p <= ' '; p++) {
+                       /* skip all leading spaces */
+               }
+               if(*p == '-') {
                        skip_getopt = 1;
                }
                free(decoded_query_string);
@@ -2074,7 +2079,7 @@ consult the installation file that came with this distribution, or visit \n\
        }
 
        zend_first_try {
-               while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
+               while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
                        switch (c) {
                                case 'T':
                                        benchmark = 1;