---
These issues are not serious(only triggerable by the runner/caller of the PHP
program), so no need to make them private.
sapi/litespeed/lsapilib.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index 2e60701..16aade0 100644
--- a/sapi/litespeed/lsapilib.c
+++ b/sapi/litespeed/lsapilib.c
@@ -1872,10 +1872,12 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const
char * name )
char * LSAPI_GetEnv_r( LSAPI_Request * pReq, const char * name )
{
+ if ( !pReq || !name )
+ return NULL;
+
struct LSAPI_key_value_pair * pBegin = pReq->m_pEnvList;
struct LSAPI_key_value_pair * pEnd = pBegin + pReq->m_pHeader->m_cntEnv;
- if ( !pReq || !name )
- return NULL;
+
if ( strncmp( name, "HTTP_", 5 ) == 0 )
{
return GetHeaderVar( pReq, name );
@@ -2282,7 +2284,7 @@ int LSAPI_ParseSockAddr( const char * pBind, struct
sockaddr * pAddr )
while( isspace( *pBind ) )
++pBind;
- strncpy( achAddr, pBind, 256 );
+ strncpy( achAddr, pBind, sizeof(pBind) );
switch( *p )
{
@@ -3112,6 +3114,10 @@ static int lsapi_initSuEXEC()
if ( !s_defaultUid || !s_defaultGid )
{
pw = getpwnam( "nobody" );
+ if(!pw) {
+ perror( "Can't get uid for user 'nobody'" );
+ return -1;
+ }
if ( !s_defaultUid )
s_defaultUid = pw->pw_uid;
if ( !s_defaultGid )
@@ -3376,7 +3382,7 @@ void lsapi_MD5Final(unsigned char digest[16], struct
lsapi_MD5Context *ctx)
lsapi_MD5Transform(ctx->buf, (uint32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
memmove(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
--
1.9.1
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
