Bug #37576 FastCGI env (cgi vars) table overflow
Submitted: 2006-05-24 09:42 UTC Modified: 2006-05-25 07:07 UTC
From: gacek at intertele dot pl Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.1.5CVS OS: Linux
Private report: No CVE-ID: None
 [2006-05-24 09:42 UTC] gacek at intertele dot pl
Description:
------------
Too many CGI variables overflow the cgi var table (128 entries) in fastcgi mode, crashing the php process.
Default env table size (127 usable entries) may be too small in cgi+ssl+force_redirect.
Apparently it's fixed in 5.2 branch, but not in 5.1.

Expected result:
----------------
No crash, larger env table.

Actual result:
--------------
Simple fix below increases env table to 256 (255 usable entries) and performs checks where appropriate.

diff -ru php-5.1.4/sapi/cgi/fastcgi.c php-5.1.4-patched/sapi/cgi/fastcgi.c
--- php-5.1.4/sapi/cgi/fastcgi.c        2006-05-23 14:23:08.000000000 +0200
+++ php-5.1.4-patched/sapi/cgi/fastcgi.c        2006-05-23 08:14:25.000000000 +0200
@@ -401,7 +401,7 @@
        int name_len, val_len;
        char *s;
 
-       while (p < end) {
+       while (p < end && n < FCGI_MAX_ENV_VARS - 1) {
                name_len = *p++;
                if (name_len >= 128) {
                        name_len = ((name_len & 0x7f) << 24);
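Review bot: the new condition `n < FCGI_MAX_ENV_VARS - 1` ends the loop silently once the table is full, so every variable still in the buffer is dropped and nothing in these lines tells the caller that the environment is incomplete. Consider treating the cap as an error (fail the request, or at least log it) instead of running the script with a truncated set of CGI variables, since which ones get cut depends on the order the web server sent them.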
@@ -928,7 +928,9 @@
                        }
                        env++;
                }
-               *env = fcgi_strndup(var, var_len);
+               
+               if (env < req->env + sizeof(req->env) - 1)
+                       *env = fcgi_strndup(var, var_len);
        }
 }
 
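Review bot: the bound in `if (env < req->env + sizeof(req->env) - 1)` mixes bytes and elements. `sizeof(req->env)` is the size of the array in bytes (`FCGI_MAX_ENV_VARS * sizeof(char *)`), and adding it to a `char **` advances by that many elements, so the limit lands far past the last slot and the check does not stop a write at the end of the table. Use `req->env + FCGI_MAX_ENV_VARS - 1`, or `sizeof(req->env) / sizeof(req->env[0])` for the count. When the check does fail, the variable is discarded with no indication to the caller; an error return would be safer. The added blank line also carries trailing whitespace.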
diff -ru php-5.1.4/sapi/cgi/fastcgi.h php-5.1.4-patched/sapi/cgi/fastcgi.h
--- php-5.1.4/sapi/cgi/fastcgi.h        2006-05-03 17:39:16.000000000 +0200
+++ php-5.1.4-patched/sapi/cgi/fastcgi.h        2006-05-23 07:59:36.000000000 +0200
@@ -26,6 +26,8 @@
 
 #define FCGI_KEEP_CONN  1
 
+#define FCGI_MAX_ENV_VARS 256
+
 typedef enum _fcgi_role {
        FCGI_RESPONDER  = 1,
        FCGI_AUTHORIZER = 2,
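Review bot: `FCGI_MAX_ENV_VARS` is defined without a comment, yet the code using it depends on one slot being held back (the loop in fastcgi.c stops at `FCGI_MAX_ENV_VARS - 1`, which gives the 255 usable entries the report mentions). Say so next to the define, so that later bounds checks are written against the right number.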
@@ -105,7 +107,7 @@
        unsigned char  out_buf[1024*8];
        unsigned char  reserved[sizeof(fcgi_end_request_rec)];
 
-       char          *env[128];
+       char          *env[FCGI_MAX_ENV_VARS];
 } fcgi_request;
 
 int fcgi_init(void);
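
The overflow described in this report, handled with an element-count bound and an explicit error, as an added example that is not PHP's fastcgi.c. `env_table`, `read_len`, `parse_params`, `ENV_MAX` and the `NAME=value` storage format are assumptions made for the illustration; the sample packet is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENV_MAX 256  /* hypothetical cap; the last slot holds the NULL terminator */
typedef struct { char *env[ENV_MAX]; size_t n; } env_table;

/* Decode one FastCGI length: 1 byte, or 4 bytes when the high bit is set. */
static int read_len(const unsigned char **p, const unsigned char *end, size_t *out)
{
    if (*p >= end) return -1;
    size_t v = *(*p)++;
    if (v & 0x80) {
        if (end - *p < 3) return -1;
        v = ((v & 0x7f) << 24) | ((size_t)(*p)[0] << 16) | ((size_t)(*p)[1] << 8) | (*p)[2];
        *p += 3;
    }
    *out = v;
    return 0;
}

/* Returns 0 on success, -1 on truncated input or allocation failure, -2 when the table is full. */
int parse_params(env_table *t, const unsigned char *p, size_t len)
{
    const unsigned char *end = p + len;
    size_t cap = sizeof t->env / sizeof t->env[0];  /* elements, not bytes */
    while (p < end) {
        size_t nlen, vlen;
        if (read_len(&p, end, &nlen) || read_len(&p, end, &vlen)) return -1;
        if (nlen > (size_t)(end - p) || vlen > (size_t)(end - p) - nlen) return -1;
        if (t->n + 1 >= cap) return -2;  /* refuse instead of writing past env[] */
        char *s = malloc(nlen + vlen + 2);
        if (!s) return -1;
        memcpy(s, p, nlen);
        s[nlen] = '=';
        memcpy(s + nlen + 1, p + nlen, vlen);
        s[nlen + vlen + 1] = '\0';
        t->env[t->n++] = s;
        t->env[t->n] = NULL;             /* keep the table terminated */
        p += nlen + vlen;
    }
    return 0;
}

int main(void)
{
    const unsigned char pkt[] = {3, 2, 'F', 'O', 'O', 'h', 'i'};  /* constructed sample */
    env_table t = {0};
    return parse_params(&t, pkt, sizeof pkt) == 0 && puts(t.env[0]) >= 0 ? 0 : 1;
}
```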


 [2006-05-25 07:07 UTC] dmitry@php.net
Patch is applied to PHP_5_1.

The problem is already fixed in HEAD and PHP_5_2.