From 448ef30f75988384b84cdb88bbb3a1a56b9534da Mon Sep 17 00:00:00 2001 From: Adam Harvey Date: Tue, 6 Jan 2015 01:23:27 +0000 Subject: [PATCH] Handle NULL strings in sapi_cli_server_register_variable(). Fixes bug #68745 (Invalid HTTP requests make web server segfault). --- NEWS | 3 +++ sapi/cli/php_cli_server.c | 5 +++++ sapi/cli/tests/bug68745.phpt | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 sapi/cli/tests/bug68745.phpt diff --git a/NEWS b/NEWS index 9cef67b41c..a103eadbfa 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,9 @@ PHP NEWS - CGI: . Fix bug #68618 (out of bounds read crashes php-cgi). (Stas) +- CLI server: + . Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam) + - cURL: . Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index 5e38fa53d3..5bfadf16c4 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char { char *new_val = (char *)val; uint new_val_len; + + if (NULL == val) { + return; + } + if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) { php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC); } diff --git a/sapi/cli/tests/bug68745.phpt b/sapi/cli/tests/bug68745.phpt new file mode 100644 index 0000000000..f52e6bcc74 --- /dev/null +++ b/sapi/cli/tests/bug68745.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #68745 (Invalid HTTP requests make web server segfault) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +HTTP/1.1 200 OK +Connection: close +X-Powered-By: %s +Content-type: text/html + +int(%d) -- 2.40.0