From: Moriyoshi Koizumi <moriyoshi@php.net>
Date: Mon, 10 Feb 2003 20:13:36 +0000 (+0000)
Subject: MFH: fixed possible buffer overflow in 64bit systems
X-Git-Tag: php-4.3.2RC1~274
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5173670675bb432fc26c3418cbe6fedfe0ac735b;p=php

MFH: fixed possible buffer overflow in 64bit systems
---

diff --git a/main/SAPI.c b/main/SAPI.c
index 8e15573327..dd10339499 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -619,14 +619,18 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
 											 	0, &result_len, -1 TSRMLS_CC);
 						if(result_len==ptr_len) {
 							char *lower_temp = estrdup(ptr);	
-							char conv_temp[32];
+							char conv_temp[64];
 							int conv_len;
 
 							php_strtolower(lower_temp,strlen(lower_temp));
 							/* If there is no realm string at all, append one */
 							if(!strstr(lower_temp,"realm")) {
 								efree(result);
-								conv_len = sprintf(conv_temp," realm=\"%ld\"",myuid);		
+								conv_len = snprintf(conv_temp, sizeof(conv_temp), " realm=\"%ld\"",myuid);
+								/* some broken snprintf() impls may return a negative value on failure */
+								if (conv_len < 0) {
+									conv_len = 0;
+								}
 								result = emalloc(ptr_len+conv_len+1);
 								result_len = ptr_len+conv_len;
 								memcpy(result, ptr, ptr_len);