Browse Source

Fixed double-free in the digest authentication handling.

# Found and Reported by Stefan Esser
PHP-5.1
Ilia Alshanetsky 21 years ago
parent
commit
0131b2b032
  1. 2
      main/SAPI.c
  2. 8
      main/main.c

2
main/SAPI.c

@ -455,7 +455,7 @@ SAPI_API void sapi_initialize_empty_request(TSRMLS_D)
{
SG(server_context) = NULL;
SG(request_info).request_method = NULL;
SG(request_info).auth_user = SG(request_info).auth_password = NULL;
SG(request_info).auth_digest = SG(request_info).auth_user = SG(request_info).auth_password = NULL;
SG(request_info).content_type_dup = NULL;
}

8
main/main.c

@ -1767,13 +1767,19 @@ PHPAPI int php_handle_auth_data(const char *auth TSRMLS_DC)
if (ret == -1) {
SG(request_info).auth_user = SG(request_info).auth_password = NULL;
} else {
SG(request_info).auth_digest = NULL;
}
if (auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
if (ret == -1 && auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
SG(request_info).auth_digest = estrdup(auth);
ret = 0;
}
if (ret == -1) {
SG(request_info).auth_digest = NULL;
}
return ret;
}
/* }}} */

Loading…
Cancel
Save