johannes                                 Mon, 25 Jan 2010 23:06:09 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294027

Log:
merge r292677: Along with the valid char set, also add a length check to the
session id here to avoid a lower-level error on the open()
later on in case we exceed MAX_PATH.  The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix.  People should not be running
production systems with display_errors turned on. (rasmus)

Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/ext/session/mod_files.c


Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292682,292693,292719,292765
/php/php-src/trunk:284726
   + 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682,292693,292719,292765
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/ext/session/mod_files.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/session/mod_files.c      2010-01-25 
22:59:10 UTC (rev 294026)
+++ php/php-src/branches/PHP_5_3_2/ext/session/mod_files.c      2010-01-25 
23:06:09 UTC (rev 294027)
@@ -87,7 +87,9 @@

        len = p - key;

-       if (len == 0) {
+       /* Somewhat arbitrary length limit here, but should be way more than
+          anyone needs and avoids file-level warnings later on if we exceed 
MAX_PATH */
+       if (len == 0 || len > 128) {
                ret = 0;
        }

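Review bot: the new bound `len > 128` is a bare magic number; consider giving it a name (for example a `#define` for the maximum session id length next to the character-set definition) so the same value can be reused in the warning text and in any later check. The comment justifies the limit by MAX_PATH, but the resulting file path is the save path plus the prefix plus the key, so 128 keeps the key short without guaranteeing the full path stays under MAX_PATH on every configuration; worth saying so in the comment rather than implying the limit is derived from MAX_PATH. Note also that the check only caps length; it does not change the character-set validation above it, which is what the log message calls the "valid char set".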
@@ -154,7 +156,7 @@
                ps_files_close(data);

                if (!ps_files_valid_key(key)) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "The 
session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and 
'-,'");
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "The 
session id is too long or contains illegal characters, valid characters are 
a-z, A-Z, 0-9 and '-,'");
                        PS(invalid_session_id) = 1;
                        return;
                }

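Review bot: the warning now says "too long" but does not tell the operator what the limit is; including the maximum length in the message (the 128 from `ps_files_valid_key`) would make a rejected id diagnosable without reading the source. Since the rejection happens before `ps_files_open` is reached, the message no longer carries the session directory path, which is the point of the change; it would be worth stating that in the commit description of the branch merge as well. Minor style point on the existing text: "valid characters are a-z, A-Z, 0-9 and '-,'" reads as a single two-character token; "'-' and ','" is clearer.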
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php