php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 11:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.1' into PHP-7.2

Browse Source
This commit is contained in:
Nikita Popov
2017-11-17 23:21:54 +01:00
parent 1310234aa3 092d0922ea
commit 31d9287d2b
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -13,6 +13,8 @@ PHP NEWS
. Fixed bug #75511 (fread not free unused buffer). (Laruence)
. Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
(Remi)
. Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
segment fault). (Nikita)
?? ??? ????, PHP 7.2.0

8
ext/standard/http_fopen_wrapper.c
View File

@@ -780,6 +780,10 @@ finish:
&& (*http_header_value == ' ' || *http_header_value == '\t')) {
http_header_value++;
}
} else {
/* There is no colon. Set the value to the end of the header line, which is
* effectively an empty string. */
http_header_value = e;
}
if (!strncasecmp(http_header_line, "Location:", sizeof("Location:")-1)) {
@@ -796,11 +800,11 @@ finish:
strlcpy(location, http_header_value, sizeof(location));
} else if (!strncasecmp(http_header_line, "Content-Type:", sizeof("Content-Type:")-1)) {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_value, 0);
} else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length")-1)) {
} else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length:")-1)) {
file_size = atoi(http_header_value);
php_stream_notify_file_size(context, file_size, http_header_line, 0);
} else if (
!strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding")-1)
!strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1)
&& !strncasecmp(http_header_value, "Chunked", sizeof("Chunked")-1)
) {

31
ext/standard/tests/http/bug75535.phpt Normal file
View File

@@ -0,0 +1,31 @@
--TEST--
Bug #75535: Inappropriately parsing HTTP response leads to PHP segment fault
--SKIPIF--
<?php require 'server.inc'; http_server_skipif('tcp://127.0.0.1:22351'); ?>
--INI--
allow_url_fopen=1
--FILE--
<?php
require 'server.inc';
$responses = array(
"data://text/plain,HTTP/1.0 200 Ok\r\nContent-Length\r\n",
);
$pid = http_server("tcp://127.0.0.1:22351", $responses, $output);
var_dump(file_get_contents('http://127.0.0.1:22351/'));
var_dump($http_response_header);
http_server_kill($pid);
?>
==DONE==
--EXPECT--
string(0) ""
array(2) {
[0]=>
string(15) "HTTP/1.0 200 Ok"
[1]=>
string(14) "Content-Length"
}
==DONE==