From: Michael Wallner Date: Mon, 13 Jul 2015 08:35:44 +0000 (+0200) Subject: Fix gh-issue #2: comparison of obsolete pointers in the header parser X-Git-Tag: RELEASE_2_5_1~8 X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=commitdiff_plain;h=88c9c06f2aacb4bf29e3f476ab1c41901551a15d;ds=sidebyside Fix gh-issue #2: comparison of obsolete pointers in the header parser Closes #2. The eol_str pointer could become obsolete due to later usage of php_http_buffer_fix and render the result of arithmetics against the changed buffer->data pointer useless or harmgful. Thanks @xiaoyjy. --- diff --git a/package.xml b/package.xml index 875d8ec..1f22d38 100644 --- a/package.xml +++ b/package.xml @@ -47,6 +47,7 @@ http://dev.iworks.at/ext-http/lcov/ext/http/ BSD, revised diff --git a/php_http_header_parser.c b/php_http_header_parser.c index 2fbcb93..46551e2 100644 --- a/php_http_header_parser.c +++ b/php_http_header_parser.c @@ -146,11 +146,14 @@ php_http_header_parser_state_t php_http_header_parser_parse(php_http_header_pars const char *colon, *eol_str = NULL; int eol_len = 0; + /* fix buffer here, so eol_str pointer doesn't become obsolete afterwards */ + php_http_buffer_fix(buffer); + if (buffer->data == (eol_str = php_http_locate_bin_eol(buffer->data, buffer->used, &eol_len))) { /* end of headers */ php_http_buffer_cut(buffer, 0, eol_len); php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_DONE); - } else if (php_http_info_parse(&parser->info, php_http_buffer_fix(buffer)->data TSRMLS_CC)) { + } else if (php_http_info_parse(&parser->info, buffer->data TSRMLS_CC)) { /* new message starting with request/response line */ if (callback_func) { callback_func(callback_arg, &headers, &parser->info TSRMLS_CC); 
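Review bot: The return value of the new `php_http_buffer_fix(buffer);` call placed before the `php_http_locate_bin_eol` lookup is discarded, whereas the removed line dereferenced it (`php_http_buffer_fix(buffer)->data`). If that function can fail to grow the buffer (its definition is not part of this diff), the parser now continues with a buffer that may not be NUL-terminated, and the `strspn(buffer->data, PHP_HTTP_HEADER_NAME_CHARS)` call in the `@@ -176,7 +179,6 @@` hunk reads it as a C string. Consider checking the result, e.g. `if (!php_http_buffer_fix(buffer)) return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);`. The new comment could also state the invariant the fix relies on: nothing between this call and the last use of `eol_str` may append to or resize `buffer`. The enclosing function starts and ends outside the hunk.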
@@ -176,7 +179,6 @@ php_http_header_parser_state_t php_http_header_parser_parse(php_http_header_pars
 php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_VALUE);
 } else if (eol_str || (flags & PHP_HTTP_HEADER_PARSER_CLEANUP)) {
 /* neither reqeust/response line nor 'header:' string, or injected new line or NUL etc. */
- php_http_buffer_fix(buffer);
 php_http_header_parser_error(strspn(buffer->data, PHP_HTTP_HEADER_NAME_CHARS), buffer->data, buffer->used, eol_str TSRMLS_CC);
 return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
 } else {