From 91bcba0343f58ab6a3702606957dd0c7a4d95862 Mon Sep 17 00:00:00 2001
From: Pierre Joye
Date: Fri, 30 Apr 2010 08:15:09 +0000
Subject: [PATCH] - Fix #51688, ini per dir crashes when invalid document root are given
---
 NEWS | 2 ++
 sapi/cgi/cgi_main.c | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index 9c9a40df46..50c70a4b88 100644
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,8 @@ PHP NEWS
 requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
+- Fixed bug #51688 (ini per dir crashes when invalid document root are given).
+ (Pierre)
 - Fixed bug #51671 (imagefill does not work correctly for small images).
 (Pierre)
 - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 90158fb616..4c7d020a50 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -735,6 +735,10 @@ static void php_cgi_ini_activate_user_config(char *path, int path_len, const cha
 if (!IS_ABSOLUTE_PATH(path, path_len)) {
 real_path = tsrm_realpath(path, NULL TSRMLS_CC);
+ /* see #51688, looks like we may get invalid path as doc root using cgi with apache */
+ if (real_path == NULL) {
+ return;
+ }
 real_path_len = strlen(real_path);
 path = real_path;
 path_len = real_path_len;
--
2.40.0
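Review bot: The new `if (real_path == NULL) { return; }` guard in php_cgi_ini_activate_user_config exits silently, so a request whose path cannot be resolved carries on with no per-directory ini settings applied and nothing logged to show it. tsrm_realpath() can presumably fail for reasons other than a bad document root (permissions, an over-long path), so the comment would be more useful if it stated the consequence rather than the guess, e.g. `/* #51688: tsrm_realpath() failed; skip per-dir ini for this request instead of passing NULL to strlen() */`. A warning-level log entry at this point would also let operators notice that directory-level settings were skipped. The function body starts and ends outside the hunk, so whether any state touched before this point needs resetting on the early return cannot be confirmed from these lines.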