Handle NULL strings in sapi_cli_server_register_variable().

Fixes bug #68745 (Invalid HTTP requests make web server segfault).

Author: LawnGnome

NEWS

@@ -23,6 +23,9 @@ PHP                                                                        NEWS
 - CGI:
   . Fix bug #68618 (out of bounds read crashes php-cgi). (Stas)
 
+- CLI server:
+  . Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
+
 - cURL:
   . Fixed bug #67643 (curl_multi_getcontent returns '' when
     CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

sapi/cli/php_cli_server.c

@@ -708,6 +708,11 @@ static void sapi_cli_server_register_variable(zval *track_vars_array, const char
 {
 	char *new_val = (char *)val;
 	uint new_val_len;
+
+	if (NULL == val) {
+		return;
+	}
+
 	if (sapi_module.input_filter(PARSE_SERVER, (char*)key, &new_val, strlen(val), &new_val_len TSRMLS_CC)) {
 		php_register_variable_safe((char *)key, new_val, new_val_len, track_vars_array TSRMLS_CC);
 	}

sapi/cli/tests/bug68745.phpt

@@ -0,0 +1,34 @@
+--TEST--
+Bug #68745 (Invalid HTTP requests make web server segfault)
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+include "php_cli_server.inc";
+php_cli_server_start('var_dump(count($_SERVER));', 'not-index.php');
+
+list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
+$port = intval($port)?:80;
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if (!$fp) {
+  die("connect failed");
+}
+
+if(fwrite($fp, "GET www.example.com:80 HTTP/1.1\r\n\r\n")) {
+    while (!feof($fp)) {
+        echo fgets($fp);
+    }
+}
+
+fclose($fp);
+?>
+--EXPECTF--
+HTTP/1.1 200 OK
+Connection: close
+X-Powered-By: %s
+Content-type: text/html
+
+int(%d)