iliaa           Wed Feb 16 23:46:53 2005 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src    NEWS 
    /php-src/main       main.c 
  Log:
  MFH: MFH: Fixed bug #31440 ($GLOBALS can be overwritten via GPC when 
  register_globals is enabled).
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.836&r2=1.1247.2.837&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.836 php-src/NEWS:1.1247.2.837
--- php-src/NEWS:1.1247.2.836   Wed Feb 16 23:45:21 2005
+++ php-src/NEWS        Wed Feb 16 23:46:52 2005
@@ -33,6 +33,8 @@
   non-existent object ref). (Tony)
 - Fixed bug #31444 (Memory leak in zend_language_scanner.c).
   (hexer at studentcenter dot org)
+- Fixed bug #31440 ($GLOBALS can be overwritten via GPC when 
+  register_globals is enabled). (Ilia)
 - Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms). (Joe)
 - Fixed bug #31396 (compile fails with gd 2.0.33 without freetype). (Jani)
 - Fixed bug #31371 (highlight_file() trims new line after heredoc). (Ilia)
http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.512.2.58&r2=1.512.2.59&ty=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.512.2.58 php-src/main/main.c:1.512.2.59
--- php-src/main/main.c:1.512.2.58      Sun Jan  9 11:30:22 2005
+++ php-src/main/main.c Wed Feb 16 23:46:52 2005
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: main.c,v 1.512.2.58 2005/01/09 16:30:22 sniper Exp $ */
+/* $Id: main.c,v 1.512.2.59 2005/02/17 04:46:52 iliaa Exp $ */
 
 /* {{{ includes
  */
@@ -1342,6 +1342,7 @@
        ulong             num_key;
        HashPosition      pos;
        int               key_type;
+       int               globals_check = (PG(register_globals) && (dest == 
(&EG(symbol_table))));
 
        zend_hash_internal_pointer_reset_ex(src, &pos);
        while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == 
SUCCESS) {
@@ -1352,7 +1353,12 @@
                                || Z_TYPE_PP(dest_entry) != IS_ARRAY) {
                        (*src_entry)->refcount++;
                        if (key_type == HASH_KEY_IS_STRING) {
-                               zend_hash_update(dest, string_key, 
strlen(string_key)+1, src_entry, sizeof(zval *), NULL);
+                               /* if register_globals is on and working with 
main symbol table, prevent overwriting of GLOBALS */
+                               if (!globals_check || string_key_len != 
sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
+                                       zend_hash_update(dest, string_key, 
string_key_len, src_entry, sizeof(zval *), NULL);
+                               } else {
+                                       (*src_entry)->refcount--;
+                               }
                        } else {
                                zend_hash_index_update(dest, num_key, 
src_entry, sizeof(zval *), NULL);
                        }
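Review bot: The `GLOBALS` guard sits only inside the direct-assignment branch around `zend_hash_update`, so it does not cover the sibling `else` of the outer `if (... || Z_TYPE_PP(dest_entry) != IS_ARRAY)`; that branch is outside this hunk and is presumably taken when both the incoming value and the existing entry are arrays, so it should be checked as well. It would be more robust to reject the key once, before the type test and before `(*src_entry)->refcount++`, with `if (globals_check && key_type == HASH_KEY_IS_STRING && string_key_len == sizeof("GLOBALS") && !memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1))` followed by a skip to the next element, which also removes the increment/decrement pair. Separately, replacing `strlen(string_key)+1` with `string_key_len` changes how keys containing an embedded NUL are stored, and the log does not mention it. `string_key_len` is set outside the hunk, so confirm that it counts the terminating NUL as the `sizeof("GLOBALS")` comparison assumes. The enclosing function starts and ends outside the hunk.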
