From 52972cc61f6930f6e86699bb5b9475d97f2a2094 Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Thu, 13 Apr 2006 11:26:43 +0000 Subject: [PATCH] MF51: fix bug #37061 (curl_exec() doesn't zero-terminate binary strings) - we get the data length from cURL, so it's binary safe. fix leak appearing when re-using curl handle --- ext/curl/interface.c | 16 +++++++++------- ext/curl/multi.c | 7 ++----- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 87578293d1..a203578712 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1206,6 +1206,8 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu if (Z_LVAL_PP(zvalue)) { ch->handlers->write->type = PHP_CURL_BINARY; + } else { + ch->handlers->write->type = PHP_CURL_ASCII; } break; case CURLOPT_WRITEFUNCTION: @@ -1460,7 +1462,7 @@ PHP_FUNCTION(curl_setopt_array) void _php_curl_cleanup_handle(php_curl *ch) { if (ch->handlers->write->buf.len > 0) { - memset(&ch->handlers->write->buf, 0, sizeof(smart_str)); + smart_str_free(&ch->handlers->write->buf); } if (ch->header.str_len) { efree(ch->header.str); @@ -1495,7 +1497,6 @@ PHP_FUNCTION(curl_exec) if (ch->handlers->write->buf.len > 0) { smart_str_free(&ch->handlers->write->buf); } - RETURN_FALSE; } @@ -1503,10 +1504,8 @@ PHP_FUNCTION(curl_exec) if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) { --ch->uses; - if (ch->handlers->write->type != PHP_CURL_BINARY) { - smart_str_0(&ch->handlers->write->buf); - } - RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0); + smart_str_0(&ch->handlers->write->buf); + RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); } --ch->uses; RETURN_TRUE; @@ -1737,6 +1736,9 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC) zend_llist_clean(&ch->to_free.slist); zend_llist_clean(&ch->to_free.post); + if (ch->handlers->write->buf.len > 0) { + smart_str_free(&ch->handlers->write->buf); + } if (ch->handlers->write->func_name) { zval_ptr_dtor(&ch->handlers->write->func_name); } @@ -1752,7 +1754,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC) if (ch->header.str_len > 0) { efree(ch->header.str); } - + efree(ch->handlers->write); efree(ch->handlers->write_header); efree(ch->handlers->read); diff --git a/ext/curl/multi.c b/ext/curl/multi.c index d10f188a80..ef91948a28 100644 --- a/ext/curl/multi.c +++ b/ext/curl/multi.c @@ -195,11 +195,8 @@ PHP_FUNCTION(curl_multi_getcontent) ZEND_FETCH_RESOURCE(ch, php_curl *, &z_ch, -1, le_curl_name, le_curl); if (ch->handlers->write->method == PHP_CURL_RETURN && ch->handlers->write->buf.len > 0) { - if (ch->handlers->write->type != PHP_CURL_BINARY) { - smart_str_0(&ch->handlers->write->buf); - } - - RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 0); + smart_str_0(&ch->handlers->write->buf); + RETURN_STRINGL(ch->handlers->write->buf.c, ch->handlers->write->buf.len, 1); } } -- 2.40.0