Revert previous commit that caused a buffer overflow (Bug #40634)

Author: Ilia Alshanetsky

ext/standard/head.c

@@ -94,6 +94,9 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 	if (domain) {
 		len += domain_len;
 	}
+
+	cookie = emalloc(len + 100);
+
 	if (value && value_len == 0) {
 		/* 
 		 * MSIE doesn't delete a cookie when you set it to a null value
@@ -102,10 +105,10 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 		 */
 		time_t t = time(NULL) - 31536001;
 		dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
-		spprintf(&cookie, 0, "Set-Cookie: %s=deleted; expires=%s", name, dt);
+		snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s", name, dt);
 		efree(dt);
 	} else {
-		spprintf(&cookie, 0, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
+		snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
 		if (expires > 0) {
 			strlcat(cookie, "; expires=", len + 100);
 			dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);