Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:80943 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 7044 invoked from network); 21 Jan 2015 18:27:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 Jan 2015 18:27:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=git@internot.info; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=git@internot.info; sender-id=pass Received-SPF: pass (pb1.pair.com: domain internot.info designates 185.57.82.47 as permitted sender) X-PHP-List-Original-Sender: git@internot.info X-Host-Fingerprint: 185.57.82.47 mail.internot.info Received: from [185.57.82.47] ([185.57.82.47:46199] helo=mail.internot.info) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 73/BA-49046-29FEFB45 for ; Wed, 21 Jan 2015 13:27:30 -0500 To: internals@lists.php.net Cc: Joshua Rogers Date: Thu, 22 Jan 2015 05:27:16 +1100 Message-ID: <1421864838-21962-1-git-send-email-git@internot.info> Subject: [PATCH 1/3] Fix multiple pieces of code in lsapilib.c. From: git@internot.info (Joshua Rogers) --- These issues are not serious(only triggerable by the runner/caller of the PHP program), so no need to make them private. sapi/litespeed/lsapilib.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 2e60701..16aade0 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1872,10 +1872,12 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) char * LSAPI_GetEnv_r( LSAPI_Request * pReq, const char * name ) { + if ( !pReq || !name ) + return NULL; + struct LSAPI_key_value_pair * pBegin = pReq->m_pEnvList; struct LSAPI_key_value_pair * pEnd = pBegin + pReq->m_pHeader->m_cntEnv; - if ( !pReq || !name ) - return NULL; + if ( strncmp( name, "HTTP_", 5 ) == 0 ) { return GetHeaderVar( pReq, name ); @@ -2282,7 +2284,7 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr ) while( isspace( *pBind ) ) ++pBind; - strncpy( achAddr, pBind, 256 ); + strncpy( achAddr, pBind, sizeof(pBind) ); switch( *p ) { @@ -3112,6 +3114,10 @@ static int lsapi_initSuEXEC() if ( !s_defaultUid || !s_defaultGid ) { pw = getpwnam( "nobody" ); + if(!pw) { + perror( "Can't get uid for user 'nobody'" ); + return -1; + } if ( !s_defaultUid ) s_defaultUid = pw->pw_uid; if ( !s_defaultGid ) @@ -3376,7 +3382,7 @@ void lsapi_MD5Final(unsigned char digest[16], struct lsapi_MD5Context *ctx) lsapi_MD5Transform(ctx->buf, (uint32 *) ctx->in); byteReverse((unsigned char *) ctx->buf, 4); memmove(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ + memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ } /* The four core functions - F1 is optimized somewhat */ -- 1.9.1