From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 27 Apr 2006 11:39:32 +0000 (+0000)
Subject: Proper fix for bug #37205
X-Git-Tag: RELEASE_1_0_3~12
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ff452441e20445a3f829d8b5c6aaddfca84e2073;p=php

Proper fix for bug #37205
---

diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index 152c8c1629..571cdab772 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -441,6 +441,7 @@ static int fcgi_read_request(fcgi_request *req)
 	unsigned char buf[FCGI_MAX_LENGTH+8];
 
 	req->keep = 0;
+	req->has_in = 0;
 	req->in_len = 0;
 	req->out_hdr = NULL;
 	req->out_pos = req->out_buf;
@@ -509,6 +510,15 @@ static int fcgi_read_request(fcgi_request *req)
 			len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
 			padding = hdr.paddingLength;
 		}
+		if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
+		    hdr.version < FCGI_VERSION_1 ||
+		    hdr.type != FCGI_STDIN) {
+			req->keep = 0;
+			return 0;
+		}
+		req->in_len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
+		req->in_pad = hdr.paddingLength;
+		req->has_in = (req->in_len != 0);
 	} else if (hdr.type == FCGI_GET_VALUES) {
 		int i, j;
 		int name_len;
@@ -551,6 +561,9 @@ int fcgi_read(fcgi_request *req, char *str, int len)
 	fcgi_header hdr;
 	unsigned char buf[8];
 
+	if (!req->has_in) {
+		return 0;
+	}
 	n = 0;
 	rest = len;
 	while (rest > 0) {
diff --git a/sapi/cgi/fastcgi.h b/sapi/cgi/fastcgi.h
index 7c910e1abb..bb13f4bfe5 100644
--- a/sapi/cgi/fastcgi.h
+++ b/sapi/cgi/fastcgi.h
@@ -97,6 +97,7 @@ typedef struct _fcgi_request {
 	int            id;
 	int            keep;
 
+	int            has_in;
 	int            in_len;
 	int            in_pad;