iliaa Sun Dec 31 22:25:55 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/session session.c
Log:
Added boundary checks to php_binary deserializer
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.22
php-src/ext/session/session.c:1.417.2.8.2.23
--- php-src/ext/session/session.c:1.417.2.8.2.22 Tue Dec 26 16:53:47 2006
+++ php-src/ext/session/session.c Sun Dec 31 22:25:55 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.417.2.8.2.22 2006/12/26 16:53:47 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.23 2006/12/31 22:25:55 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -471,6 +471,11 @@
for (p = val; p < endptr; ) {
zval **tmp;
namelen = *p & (~PS_BIN_UNDEF);
+
+ if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
+ return FAILURE;
+ }
+
has_value = *p & PS_BIN_UNDEF ? 0 : 1;
name = estrndup(p + 1, namelen);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
