[2004-03-24 23:13 UTC] msisolak at yahoo dot com

Description:
------------
There is a bug in the sapi_header_op() function in main/sapi.c (referencing the 5.0.0RC1 line numbers).  In the special case for the Content-Type header starting on line 560 is this code:

size_t len = header_line_len - (ptr - header_line), newlen;
while (*ptr == ' ' && *ptr != '\0') {
	ptr++;
}

The mistake is in calculating the len based on the location of ptr, but then adjusting ptr up to shorten the string to remove leading spaces without also adjusting len down.  The len variable ends up being one character too long for each space removed from between the colon and the content type.  This extra space propagates through and ends up causing random extra characters on the end of the Content-Type line in the output headers (one for each space skipped).

Suggested patch:

--- sapi.c.orig	Wed Mar 24 23:07:58 2004
+++ sapi.c	Wed Mar 24 23:08:04 2004
@@ -562,6 +562,7 @@
 				size_t len = header_line_len - (ptr - header_line), newlen;
 				while (*ptr == ' ' && *ptr != '\0') {
 					ptr++;
+					len--;
 				}
 #if HAVE_ZLIB
 				if(!strncmp(ptr, "image/", sizeof("image/")-1)) {



Reproduce code:
---------------
<?php
	header("Content-Type: text/plain");
?>

Expected result:
----------------
The Content-Type header delivered with my default character set attached ("utf-8"):

Content-Type: text/plain;charset=utf-8

Actual result:
--------------
Becuase the length is overstated by one, there is an extra character attached to the end of the Content-Type header.  Running IIS CGI this character is an ascii-Z and IIS reports "not all headers returned."

 [2004-03-25 03:38 UTC] helly@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.