summaryrefslogtreecommitdiffstats
path: root/0001-fix-172-provider-token-may-be-not-nul-terminated.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2022-05-05 09:42:27 +0200
committerRemi Collet <remi@php.net>2022-05-05 09:42:27 +0200
commitada644228e106a0734e0e535c9c8226adcd2a0d6 (patch)
treecb953e0d7109033704d12c39bdcbe1a541414f23 /0001-fix-172-provider-token-may-be-not-nul-terminated.patch
parent09607088e61111dfaa7338e5c2c93862c617368a (diff)
add fix for https://github.com/laruence/yar/issues/172
using patch from https://github.com/laruence/yar/pull/174
Diffstat (limited to '0001-fix-172-provider-token-may-be-not-nul-terminated.patch')
-rw-r--r--0001-fix-172-provider-token-may-be-not-nul-terminated.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/0001-fix-172-provider-token-may-be-not-nul-terminated.patch b/0001-fix-172-provider-token-may-be-not-nul-terminated.patch
new file mode 100644
index 0000000..4170681
--- /dev/null
+++ b/0001-fix-172-provider-token-may-be-not-nul-terminated.patch
@@ -0,0 +1,35 @@
+From bef13789e0f6b8cb54015504752036f5a197d3fa Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 5 May 2022 09:01:46 +0200
+Subject: [PATCH] fix #172 provider/token may be not nul terminated
+
+---
+ yar_server.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/yar_server.c b/yar_server.c
+index 331284b..b66124e 100644
+--- a/yar_server.c
++++ b/yar_server.c
+@@ -525,8 +525,16 @@ static inline int php_yar_server_auth(zval *obj, yar_header_t *header, yar_respo
+ YAR_TRY {
+ zval auth_params[2];
+
+- ZVAL_STRINGL(&auth_params[0], (char*)header->provider, MIN(strlen(header->provider), 32));
+- ZVAL_STRINGL(&auth_params[1], (char*)header->token, MIN(strlen(header->token), 32));
++ if (memchr(header->provider, 0, 32)) {
++ ZVAL_STRINGL(&auth_params[0], (char*)header->provider, strlen((char *)header->provider));
++ } else {
++ ZVAL_STRINGL(&auth_params[0], (char*)header->provider, 32);
++ }
++ if (memchr(header->token, 0, 32)) {
++ ZVAL_STRINGL(&auth_params[1], (char*)header->token, strlen((char*)header->token));
++ } else {
++ ZVAL_STRINGL(&auth_params[1], (char*)header->token, 32);
++ }
+
+ #if PHP_VERSION_ID < 80000
+ zend_call_method_with_2_params(obj, ce, NULL, "__auth", &ret, auth_params, auth_params + 1);
+--
+2.35.1
+