
Commit 4a211a8

committed
@- Fixed RFC1867 file upload under Windows (Zeev)
Fixed a memory leak
1 parent ea45965 commit 4a211a8


2 files changed

+16
-4
lines changed

2 files changed

+16
-4
lines changed

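--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -192,7 +192,18 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 INIT_PZVAL(array_ptr);
 switch (arg) {
 case PARSE_POST:
-zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL);
+if (zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL)==FAILURE) {
+zval **p;
+
+/* This could happen if we're in RFC 1867 file upload */
+/* The parsing portion of the POST reader should actually move
+* to this function - Zeev
+*/
+zval_dtor(array_ptr);
+FREE_ZVAL(array_ptr);
+zend_hash_find(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), (void **) &p);
+array_ptr = *p;
+}
 break;
 case PARSE_GET:
 zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), array_ptr, sizeof(pval *),NULL);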
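Review bot: The return value of `zend_hash_find()` in the new `PARSE_POST` failure branch is ignored, so `array_ptr = *p;` reads an uninitialised `p` if the lookup does not succeed. The branch assumes `zend_hash_add_ptr()` can only fail because the key already exists, which is plausible but not established by the visible lines. Because `array_ptr` has just been destroyed and freed, a failed lookup would leave it dangling for the rest of the function. I would declare `zval **p = NULL;` and guard the assignment with `if (zend_hash_find(...)==SUCCESS) { array_ptr = *p; }`, bailing out otherwise. It may also be worth confirming that the pre-existing entry is an array before it is populated, since it was created elsewhere; php_treat_data continues outside the hunk.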

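--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -67,8 +67,9 @@ static void php_mime_split(char *buf, int cnt, char *boundary)
 state = 1;
 
 eolsize = 2;
-if(*(loc+len)==0x0a)
+if(*(loc+len)==0x0a) {
 eolsize = 1;
+}
 
 rem -= (loc - ptr) + len + eolsize;
 ptr = loc + len + eolsize;
@@ -204,7 +205,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary)
 php_error(E_WARNING, "File Upload Error - No Mime boundary found after start of file header");
 SAFE_RETURN;
 }
-fn = tempnam(PG(upload_tmp_dir), "php");
+fn = tempnam(PG(upload_tmp_dir), "php");
 if ((loc - ptr - 4) > PG(upload_max_filesize)) {
 php_error(E_WARNING, "Max file size of %ld bytes exceeded - file [%s] not saved", PG(upload_max_filesize),namebuf);
 bytes=0;
@@ -217,7 +218,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary)
 bytes = 0;
 SET_VAR_STRING(namebuf, estrdup("none"));
 } else {
-fp = fopen(fn, "w");
+fp = fopen(fn, "wb");
 if (!fp) {
 php_error(E_WARNING, "File Upload Error - Unable to open temporary file [%s]", fn);
 SAFE_RETURN;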
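Review bot: The upload file is still created with `tempnam()` followed by `fopen(fn, "wb")`, which leaves a window between choosing the name and creating the file (CWE-377); the `"wb"` change fixes Windows text-mode translation but not this. `fopen` will open or truncate whatever exists at that path, including a symlink or file planted by another local user in a shared `upload_tmp_dir`. I would create the file exclusively with owner-only permissions, e.g. `fd = open(fn, O_WRONLY|O_CREAT|O_EXCL, 0600); fp = (fd < 0) ? NULL : fdopen(fd, "wb");` (adding the platform's binary-mode flag on Windows), or use `mkstemp()` where it is available. No NULL check on `fn` is visible between the `tempnam()` call and its use, though lines between the hunks are not shown and php_mime_split extends beyond them.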
