mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 02:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

FPM: Fix use after free in fpm_evaluate_full_path

Browse Source 
Closes #8796.
This commit is contained in:
Heiko Weber 2022-06-15 23:17:00 +02:00 committed by David Carlier
parent 26feb2e6f2
commit a83363e361
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -45,6 +45,7 @@ PHP NEWS
. Fixed ACL build check on MacOS. (David Carlier)
. Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
(Jakub Zelenka, loveharmful)
. Fixes use after free. (Heiko Weber).
- Mysqlnd:
. Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)

2
sapi/fpm/fpm/fpm_conf.c
View File

@ -766,8 +766,8 @@ static int fpm_evaluate_full_path(char **path, struct fpm_worker_pool_s *wp, cha
}
if (strlen(*path) > strlen("$prefix")) {
free(*path);
tmp = strdup((*path) + strlen("$prefix"));
free(*path);
*path = tmp;
} else {
free(*path);