From 58c167168d6c38767768fbf1e862273f34ef6f3c Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 26 Feb 2007 02:12:36 +0000
Subject: [PATCH] Revert previous commit that caused a buffer overflow (Bug
 #40634)

---
 ext/standard/head.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ext/standard/head.c b/ext/standard/head.c
index 7240d777d3..417f8df5f0 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -94,6 +94,9 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 	if (domain) {
 		len += domain_len;
 	}
+
+	cookie = emalloc(len + 100);
+
 	if (value && value_len == 0) {
 		/* 
 		 * MSIE doesn't delete a cookie when you set it to a null value
@@ -102,10 +105,10 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 		 */
 		time_t t = time(NULL) - 31536001;
 		dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
-		spprintf(&cookie, 0, "Set-Cookie: %s=deleted; expires=%s", name, dt);
+		snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s", name, dt);
 		efree(dt);
 	} else {
-		spprintf(&cookie, 0, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
+		snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
 		if (expires > 0) {
 			strlcat(cookie, "; expires=", len + 100);
 			dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
-- 
2.50.1