From: Michael Wallner <mike@php.net>
Date: Fri, 23 Sep 2005 12:00:30 +0000 (+0000)
Subject: - fixed a gotcha in http_chunked_decode (-size_t is always > 0)
X-Git-Tag: RELEASE_0_14_0~5
X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=commitdiff_plain;h=ffc893b125c6cc9b385a68a357b08ba2cc4e91f6;hp=c16b8f2e6a9ada7d9496b43ba3c1b3cf119e6708

- fixed a gotcha in http_chunked_decode (-size_t is always > 0)
- avoid unneccessary initialization operations
---

diff --git a/config.m4 b/config.m4
index cb340f5..ec5b519 100644
--- a/config.m4
+++ b/config.m4
@@ -3,7 +3,7 @@ dnl $Id$
 
 PHP_ARG_ENABLE([http], [whether to enable extended HTTP support],
 [  --enable-http           Enable extended HTTP support])
-PHP_ARG_WITH([http-curl-requests], [wheter to enable cURL HTTP requests],
+PHP_ARG_WITH([http-curl-requests], [whether to enable cURL HTTP requests],
 [  --with-http-curl-requests[=CURLDIR]
                            With cURL HTTP request support])
 PHP_ARG_WITH([http-mhash-etags], [whether to enable mhash ETag generator],
diff --git a/http_api.c b/http_api.c
index eec41da..eebfeb2 100644
--- a/http_api.c
+++ b/http_api.c
@@ -295,24 +295,28 @@ PHP_HTTP_API const char *_http_chunked_decode(const char *encoded, size_t encode
 {
 	const char *e_ptr;
 	char *d_ptr;
+	long rest;
 	
 	*decoded_len = 0;
 	*decoded = ecalloc(1, encoded_len);
 	d_ptr = *decoded;
 	e_ptr = encoded;
 
-	while (((e_ptr - encoded) - encoded_len) > 0) {
-		size_t chunk_len = 0, EOL_len = 0;
-		int eol_mismatch = 0;
+	while ((rest = encoded + encoded_len - e_ptr) > 0) {
+		long chunk_len = 0;
+		int EOL_len = 0, eol_mismatch = 0;
 		char *n_ptr;
 
 		chunk_len = strtol(e_ptr, &n_ptr, 16);
 
 		/* check if:
 		 * - we could not read in chunk size
+		 * - we got a negative chunk size
+		 * - chunk size is greater then remaining size
 		 * - chunk size is not followed by (CR)LF|NUL
 		 */
-		if ((n_ptr == e_ptr) || (*n_ptr && (eol_mismatch = n_ptr != http_locate_eol(e_ptr, &EOL_len)))) {
+		if (	(n_ptr == e_ptr) ||	(chunk_len < 0) || (chunk_len > rest) || 
+				(*n_ptr && (eol_mismatch = (n_ptr != http_locate_eol(e_ptr, &EOL_len))))) {
 			/* don't fail on apperently not encoded data */
 			if (e_ptr == encoded) {
 				memcpy(*decoded, encoded, encoded_len);
diff --git a/http_headers_api.c b/http_headers_api.c
index 8a4ecc5..63c46ab 100644
--- a/http_headers_api.c
+++ b/http_headers_api.c
@@ -154,7 +154,7 @@ PHP_HTTP_API HashTable *_http_negotiate_q(const char *header, HashTable *support
 					
 					while (*++ptr && !isdigit(*ptr));
 					
-					quality = strtod(ptr, NULL);
+					quality = atof(ptr);
 					identifier = estrndup(Z_STRVAL_PP(entry), separator - Z_STRVAL_PP(entry));
 				} else {
 					quality = 1000.0 - i++;
diff --git a/http_message_object.c b/http_message_object.c
index e3a1617..058f963 100644
--- a/http_message_object.c
+++ b/http_message_object.c
@@ -160,9 +160,6 @@ zend_object_value _http_message_object_new_ex(zend_class_entry *ce, http_message
 
 	o = ecalloc(1, sizeof(http_message_object));
 	o->zo.ce = ce;
-	o->message = NULL;
-	o->parent.handle = 0;
-	o->parent.handlers = NULL;
 
 	if (msg) {
 		o->message = msg;
diff --git a/http_request_object.c b/http_request_object.c
index f1f2551..9c5e902 100644
--- a/http_request_object.c
+++ b/http_request_object.c
@@ -306,7 +306,6 @@ zend_object_value _http_request_object_new(zend_class_entry *ce TSRMLS_DC)
 	o = ecalloc(1, sizeof(http_request_object));
 	o->zo.ce = ce;
 	o->ch = curl_easy_init();
-	o->pool = NULL;
 
 	phpstr_init(&o->history);
 	phpstr_init(&o->request);
diff --git a/http_requestpool_object.c b/http_requestpool_object.c
index c917d86..f312b7f 100644
--- a/http_requestpool_object.c
+++ b/http_requestpool_object.c
@@ -108,7 +108,6 @@ zend_object_value _http_requestpool_object_new(zend_class_entry *ce TSRMLS_DC)
 	o->zo.ce = ce;
 
 	http_request_pool_init(&o->pool);
-	o->iterator.pos = 0;
 
 	ALLOC_HASHTABLE(OBJ_PROP(o));
 	zend_hash_init(OBJ_PROP(o), 0, NULL, ZVAL_PTR_DTOR, 0);
diff --git a/http_response_object.c b/http_response_object.c
index 2307198..93c8f0c 100644
--- a/http_response_object.c
+++ b/http_response_object.c
@@ -41,6 +41,9 @@
 #ifdef HTTP_HAVE_MHASH
 #	include <mhash.h>
 #endif
+#ifdef HTTP_HAVE_MAGIC
+#	include <magic.h>
+#endif
 
 ZEND_EXTERN_MODULE_GLOBALS(http);
 
diff --git a/package2.xml b/package2.xml
index 0556503..33a0aaa 100644
--- a/package2.xml
+++ b/package2.xml
@@ -49,8 +49,6 @@
 + Added supported ETag hash algrithms to php_info() output
 + Added ETag hashing through PHPs CRC32() implementation
 + Added new language/charset negotiator
-+ Added HttpMessage::setBody()
-+ Added HttpRequest raw post data support
 
 * Changed HttpMessage::toString([include_parent = true]) to false
 * Renamed HTTP_GET etc. constants to HTTP_METH_GET
diff --git a/php_http_api.h b/php_http_api.h
index fc34e87..826f6cd 100644
--- a/php_http_api.h
+++ b/php_http_api.h
@@ -84,7 +84,7 @@ static inline const char *_http_locate_body(const char *message)
 }
 
 #define http_locate_eol _http_locate_eol
-static inline const char *_http_locate_eol(const char *line, size_t *eol_len)
+static inline const char *_http_locate_eol(const char *line, int *eol_len)
 {
 	const char *eol = strpbrk(line, "\r\n");