From: Antony Dovgal <tony2001@php.net>
Date: Mon, 19 Jun 2006 17:49:20 +0000 (+0000)
Subject: plug leak in CGI SAPI when running scripts with query string in console
X-Git-Tag: RELEASE_1_0_0RC1~2696
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d6669ef575a2a49ce9e7295f2e0009d4468234e7;p=php

plug leak in CGI SAPI when running scripts with query string in console
---

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index ddc6015064..1c4766b0f0 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -922,6 +922,7 @@ static int is_port_number(const char *bindpath)
  */
 int main(int argc, char *argv[])
 {
+	int free_query_string = 0;
 	int exit_status = SUCCESS;
 	int cgi = 0, c, i, len;
 	zend_file_handle file_handle;
@@ -1443,7 +1444,7 @@ consult the installation file that came with this distribution, or visit \n\
 						len += strlen(argv[i]) + 1;
 					}
 
-					s = malloc(len + 1);	/* leak - but only for command line version, so ok */
+					s = malloc(len + 1);
 					*s = '\0';			/* we are pretending it came from the environment  */
 					for (i = php_optind, len = 0; i < argc; i++) {
 						strcat(s, argv[i]);
@@ -1452,6 +1453,7 @@ consult the installation file that came with this distribution, or visit \n\
 						}
 					}
 					SG(request_info).query_string = s;
+					free_query_string = 1;
 				}
 			} /* end !cgi && !fastcgi */
 
@@ -1601,6 +1603,10 @@ fastcgi_request_done:
 					free(SG(request_info).path_translated);
 					SG(request_info).path_translated = NULL;
 				}
+				if (free_query_string && SG(request_info).query_string) {
+					free(SG(request_info).query_string);
+					SG(request_info).query_string = NULL;
+				}
 			}
 
 			if (!fastcgi) break;