From 602be4a219409f99737aee5060b28500e576e0c6 Mon Sep 17 00:00:00 2001
From: Heiko Weber
Date: Wed, 15 Jun 2022 14:17:04 +0200
Subject: [PATCH 1/3] Fix: sapi_getenv: value should be initialized and not used in strlen if NULL/uninitialized
---
 main/SAPI.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main/SAPI.c b/main/SAPI.c
index d1bd3134b6dee..64783b5432dfb 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -1012,7 +1012,7 @@ SAPI_API char *sapi_getenv(const char *name, size_t name_len)
 return NULL;
 }
 if (sapi_module.getenv) {
- char *value, *tmp = sapi_module.getenv(name, name_len);
+ char *value = NULL, *tmp = sapi_module.getenv(name, name_len);
 if (tmp) {
 value = estrdup(tmp);
 #ifdef PHP_WIN32
@@ -1024,7 +1024,7 @@ SAPI_API char *sapi_getenv(const char *name, size_t name_len)
 } else {
 return NULL;
 }
- if (sapi_module.input_filter) {
+ if (value && sapi_module.input_filter) {
 sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
 }
 return value;
From 3d9ad43259d1ab05c125c10f0dd9540bf15b2953 Mon Sep 17 00:00:00 2001
From: Heiko Weber
Date: Wed, 15 Jun 2022 16:29:22 +0200
Subject: [PATCH 2/3] unnested
---
 main/SAPI.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/main/SAPI.c b/main/SAPI.c
index 64783b5432dfb..d66af577ff09c 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -1007,29 +1007,30 @@ SAPI_API zend_stat_t *sapi_get_stat(void)
 
 SAPI_API char *sapi_getenv(const char *name, size_t name_len)
 {
+ char *value = NULL, *tmp;
+
 if (!strncasecmp(name, "HTTP_PROXY", name_len)) {
 /* Ugly fix for HTTP_PROXY issue, see bug #72573 */
 return NULL;
 }
- if (sapi_module.getenv) {
- char *value = NULL, *tmp = sapi_module.getenv(name, name_len);
- if (tmp) {
- value = estrdup(tmp);
+ if (!sapi_module.getenv) {
+ return NULL;
+ }
+ tmp = sapi_module.getenv(name, name_len);
+ if (!tmp) {
+ return NULL;
+ }
+ value = estrdup(tmp);
 #ifdef PHP_WIN32
- if (strlen(sapi_module.name) == sizeof("cgi-fcgi") - 1 && !strcmp(sapi_module.name, "cgi-fcgi")) {
- /* XXX more modules to go, if needed. */
- free(tmp);
- }
+ if (strlen(sapi_module.name) == sizeof("cgi-fcgi") - 1 && !strcmp(sapi_module.name, "cgi-fcgi")) {
+ /* XXX more modules to go, if needed. */
+ free(tmp);
+ }
 #endif
- } else {
- return NULL;
- }
- if (value && sapi_module.input_filter) {
- sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
- }
- return value;
+ if (value && sapi_module.input_filter) {
+ sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
 }
- return NULL;
+ return value;
 }
 
 SAPI_API int sapi_get_fd(int *fd)
From 2a802b15d7ad3fec32805de6d38b43e1cc828738 Mon Sep 17 00:00:00 2001
From: Heiko Weber
Date: Mon, 20 Jun 2022 14:27:40 +0200
Subject: [PATCH 3/3] early return without nestings
---
 main/SAPI.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/main/SAPI.c b/main/SAPI.c
index d66af577ff09c..70ed6a2b9c835 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -1007,13 +1007,13 @@ SAPI_API zend_stat_t *sapi_get_stat(void)
 
 SAPI_API char *sapi_getenv(const char *name, size_t name_len)
 {
- char *value = NULL, *tmp;
+ char *value, *tmp;
 
- if (!strncasecmp(name, "HTTP_PROXY", name_len)) {
- /* Ugly fix for HTTP_PROXY issue, see bug #72573 */
+ if (!sapi_module.getenv) {
 return NULL;
 }
- if (!sapi_module.getenv) {
+ if (!strncasecmp(name, "HTTP_PROXY", name_len)) {
+ /* Ugly fix for HTTP_PROXY issue, see bug #72573 */
 return NULL;
 }
 tmp = sapi_module.getenv(name, name_len);
@@ -1027,7 +1027,7 @@ SAPI_API char *sapi_getenv(const char *name, size_t name_len)
 free(tmp);
 }
 #endif
- if (value && sapi_module.input_filter) {
+ if (sapi_module.input_filter) {
 sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
 }
 return value;
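Review bot: The `strncasecmp(name, "HTTP_PROXY", name_len)` test that the first hunk of patch 3/3 moves below the `getenv` check bounds the comparison by the caller's `name_len` only, so any name that is a case-insensitive prefix of HTTP_PROXY (for example `HTTP`, or a zero-length name) also compares equal and gets NULL. The error is on the closed side, since the real HTTP_PROXY is still blocked, but unrelated lookups are silently dropped and the block list is wider than the comment says. An exact match would be `if (name_len == sizeof("HTTP_PROXY") - 1 && !strncasecmp(name, "HTTP_PROXY", name_len)) {`. The function body continues outside this hunk.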
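Review bot: Dropping the `value &&` guard in the second hunk of patch 3/3 leaves `strlen(value)` safe only through an invariant that is not written down at this line: `tmp` was NULL-checked earlier and `estrdup()` is presumed never to return NULL (its definition is not part of this patch). A one-line comment above the `if` would keep a later edit from reintroducing a NULL path, e.g. `/* value is non-NULL: tmp was checked above and estrdup() does not return NULL */`. Separately, the result of `sapi_module.input_filter()` is discarded and its last argument is NULL, so whether a filter can reject the value is invisible to the caller here; worth confirming that is intended for environment lookups. The function body starts outside this hunk.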