frankenphp
ccb268d5 - fix: avoid out-of-bounds read when parsing the response status line (#2464)

Commit
18 days ago
fix: avoid out-of-bounds read when parsing the response status line (#2464) `frankenphp_send_headers` parsed the status with `atoi(http_status_line + 9)`, assuming a fixed 9-byte `"HTTP/x.y "` prefix. `header("HTTP/")` (5 bytes) makes `+9` read past the buffer. ASan confirms a heap-buffer-overflow read in `atoi`, 3 bytes past the `estrndup`'d line. PHP already parses the code into `http_response_code` (via `sapi_update_response_code()`), so the reparse was redundant and unsafe. Use it directly. Tests in `statusline_test.go` (run under `-asan`) cover the short line and a valid `HTTP/1.1 418` line.
Author
Parents
Loading