From 9e4d03885eb7d42b6fdb40882d17db2c13cd9b5a Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 3 Apr 2008 10:24:58 +0000
Subject: [PATCH] - Fixed possible stack buffer overflow in FastCGI SAPI.
 (Andrey Nigmatulin) - Fixed sending of uninitialized paddings which may
 contain some information.   (Andrey Nigmatulin)

---
 sapi/cgi/fastcgi.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index ceb5edea9e..ed9afcea83 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -593,6 +593,9 @@ static inline int fcgi_make_header(fcgi_header *hdr, fcgi_request_type type, int
 	hdr->reserved = 0;
 	hdr->type = type;
 	hdr->version = FCGI_VERSION_1;
+	if (pad) {
+		memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
+	}
 	return pad;
 }
 
@@ -777,7 +780,7 @@ int fcgi_read(fcgi_request *req, char *str, int len)
 {
 	int ret, n, rest;
 	fcgi_header hdr;
-	unsigned char buf[8];
+	unsigned char buf[255];
 
 	n = 0;
 	rest = len;
-- 
2.50.1