com php-src: Fixed bug #61461 (missing checks around malloc() calls).: NEWS sapi/cli/php_cli_server.c

From: Date: Wed, 21 Mar 2012 01:07:08 +0000
Subject: com php-src: Fixed bug #61461 (missing checks around malloc() calls).: NEWS sapi/cli/php_cli_server.c
Groups: php.cvs 
Request: Send a blank email to [email protected] to get a copy of this message 
Commit:    9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11
Author:    Ilia Alshanetsky <[email protected]>         Tue, 20 Mar 2012 21:07:08 -0400
Parents:   f3f76e5e8af265cd59d8edb7fb0827be6abc9a5a
Branches:  PHP-5.4

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11

Log:
Fixed bug #61461 (missing checks around malloc() calls).

Bugs:
https://bugs.php.net/61461

Changed paths:
  M  NEWS
  M  sapi/cli/php_cli_server.c


Diff:
9dcfb8c73fd639485182497ae5a8fc7d7ca7eb11
diff --git a/NEWS b/NEWS
index ae0d190...af4f4c9 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP                                                                        NEWS
 ?? ??? 2012, PHP 5.4.1 RC1
 
 - CLI Server:
+  . Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
   . Implemented FR #60850 (Built in web server does not set 
     $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
   . "Connection: close" instead of "Connection: closed" (Gustavo)
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 88f5d78..79ccea3 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -1281,6 +1281,10 @@ static void php_cli_server_request_translate_vpath(php_cli_server_request
*reque
 	size_t prev_patch_len;
 	int  is_static_file = 0;
 
+	if (!buf) {
+		return;
+	}
+
 	memmove(p, document_root, document_root_len);
 	p += document_root_len;
 	vpath = p;
@@ -1536,6 +1540,9 @@ static int php_cli_server_client_read_request_on_body(php_http_parser *parser,
c
 	php_cli_server_client *client = parser->data;
 	if (!client->request.content) {
 		client->request.content = pemalloc(parser->content_length, 1);
+		if (!client->request.content) {
+			return -1;
+		}
 		client->request.content_len = 0;
 	}
 	memmove(client->request.content + client->request.content_len, at, length);
@@ -1606,6 +1613,9 @@ static int php_cli_server_client_read_request(php_cli_server_client *client,
cha
 	}
 	if (client->current_header_name) {
 		char *header_name = safe_pemalloc(client->current_header_name_len, 1, 1, 1);
+		if (!header_name) {
+			return -1;
+		}
 		memmove(header_name, client->current_header_name, client->current_header_name_len);
 		client->current_header_name = header_name;
 		client->current_header_name_allocated = 1;

Thread (1 message)

  • Ilia Alshanetsky
« previous php.cvs (#68105) next »