plug leak in CGI SAPI when running scripts with query string in console
authorAntony Dovgal <tony2001@php.net>
Mon, 19 Jun 2006 17:49:20 +0000 (17:49 +0000)
committerAntony Dovgal <tony2001@php.net>
Mon, 19 Jun 2006 17:49:20 +0000 (17:49 +0000)
sapi/cgi/cgi_main.c

index ddc601506492c014c9b6ecde623ec86ca88d7d8a..1c4766b0f07e74d770ac70ee3b3cf7bacb10ca70 100644 (file)
@@ -922,6 +922,7 @@ static int is_port_number(const char *bindpath)
  */
 int main(int argc, char *argv[])
 {
+       int free_query_string = 0;
        int exit_status = SUCCESS;
        int cgi = 0, c, i, len;
        zend_file_handle file_handle;
@@ -1443,7 +1444,7 @@ consult the installation file that came with this distribution, or visit \n\
                                                len += strlen(argv[i]) + 1;
                                        }
 
-                                       s = malloc(len + 1);    /* leak - but only for command line version, so ok */
+                                       s = malloc(len + 1);
                                        *s = '\0';                      /* we are pretending it came from the environment  */
                                        for (i = php_optind, len = 0; i < argc; i++) {
                                                strcat(s, argv[i]);
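Review bot: The result of `malloc(len + 1)` is still dereferenced on the next line (`*s = '\0';`) without a NULL check, so an allocation failure while assembling the query string from argv becomes a null-pointer write. Now that the buffer has a tracked owner, a guard such as `if (s == NULL) { /* report out of memory and bail out */ }` belongs before the first store. How the failure should be reported depends on the error path of `main`, which lies outside this hunk. The `strcat` loop also depends on `len` having been summed correctly by the preceding loop, which begins above the hunk, so a short comment tying the two loops together would help the next reader.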
@@ -1452,6 +1453,7 @@ consult the installation file that came with this distribution, or visit \n\
                                                }
                                        }
                                        SG(request_info).query_string = s;
+                                       free_query_string = 1;
                                }
                        } /* end !cgi && !fastcgi */
 
@@ -1601,6 +1603,10 @@ fastcgi_request_done:
                                        free(SG(request_info).path_translated);
                                        SG(request_info).path_translated = NULL;
                                }
+                               if (free_query_string && SG(request_info).query_string) {
+                                       free(SG(request_info).query_string);
+                                       SG(request_info).query_string = NULL;
+                               }
                        }
 
                        if (!fastcgi) break;
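Review bot: `free_query_string` stays at 1 after the buffer is released here, while this cleanup sits inside the request loop (the `if (!fastcgi) break;` follows it). In the visible hunks the flag is only set in the `!cgi && !fastcgi` branch, so the loop presumably exits before another iteration. If that ever changes, a later request whose `query_string` was not allocated with `malloc` would be handed to `free()`. Clearing the flag with the pointer keeps ownership explicit: add `free_query_string = 0;` after `SG(request_info).query_string = NULL;`. Exit paths of `main` that bypass this block are outside the hunk and may still leave the buffer allocated.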