hi Dmitry, As of yesterday, please add it to php.ini and to the UPGRADING guide :)
Thanks! On Thu, Dec 15, 2011 at 9:47 AM, Dmitry Stogov <dmi...@php.net> wrote: > dmitry Thu, 15 Dec 2011 08:47:03 +0000 > > Revision: http://svn.php.net/viewvc?view=revision&revision=321038 > > Log: > Added max_input_vars directive to prevent attacks based on hash collisions > > Changed paths: > U php/php-src/branches/PHP_5_3/NEWS > U php/php-src/branches/PHP_5_3/main/main.c > U php/php-src/branches/PHP_5_3/main/php_globals.h > U php/php-src/branches/PHP_5_3/main/php_variables.c > > Modified: php/php-src/branches/PHP_5_3/NEWS > =================================================================== > --- php/php-src/branches/PHP_5_3/NEWS 2011-12-15 07:28:28 UTC (rev 321037) > +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-15 08:47:03 UTC (rev 321038) > @@ -2,6 +2,10 @@ > ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| > ?? ??? 2011, PHP 5.3.9 > > +- Core: > + . Added max_input_vars directive to prevent attacks based on hash > collisions > + (Dmitry). > + > - Streams: > . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected > together > with the last read). (Gustavo) > > Modified: php/php-src/branches/PHP_5_3/main/main.c > =================================================================== > --- php/php-src/branches/PHP_5_3/main/main.c 2011-12-15 07:28:28 UTC (rev > 321037) > +++ php/php-src/branches/PHP_5_3/main/main.c 2011-12-15 08:47:03 UTC (rev > 321038) > @@ -512,6 +512,7 @@ > STD_PHP_INI_ENTRY("post_max_size", "8M", > PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, > post_max_size, sapi_globals_struct,sapi_globals) > STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, > PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, > php_core_globals, core_globals) > STD_PHP_INI_ENTRY("max_input_nesting_level", "64", > PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, > max_input_nesting_level, php_core_globals, > core_globals) > + STD_PHP_INI_ENTRY("max_input_vars", "1000", > PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, > max_input_vars, php_core_globals, > core_globals) > > STD_PHP_INI_ENTRY("user_dir", NULL, > PHP_INI_SYSTEM, OnUpdateString, user_dir, > php_core_globals, core_globals) > STD_PHP_INI_ENTRY("variables_order", "EGPCS", > PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, > variables_order, php_core_globals, core_globals) > > Modified: php/php-src/branches/PHP_5_3/main/php_globals.h > =================================================================== > --- php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 07:28:28 > UTC (rev 321037) > +++ php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 08:47:03 > UTC (rev 321038) > @@ -174,6 +174,8 @@ > #ifdef PHP_WIN32 > zend_bool windows_show_crt_warning; > #endif > + > + long max_input_vars; > }; > > > > Modified: php/php-src/branches/PHP_5_3/main/php_variables.c > =================================================================== > --- php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 07:28:28 > UTC (rev 321037) > +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 08:47:03 > UTC (rev 321038) > @@ -191,6 +191,9 @@ > } > if (zend_symtable_find(symtable1, > escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE > || Z_TYPE_PP(gpc_element_p) != > IS_ARRAY) { > + if (zend_hash_num_elements(symtable1) > >= PG(max_input_vars)) { > + php_error_docref(NULL > TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit > change max_input_vars in php.ini.", PG(max_input_vars)); > + } > MAKE_STD_ZVAL(gpc_element); > array_init(gpc_element); > zend_symtable_update(symtable1, > escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) > &gpc_element_p); > @@ -236,6 +239,9 @@ > zend_symtable_exists(symtable1, escaped_index, > index_len + 1)) { > zval_ptr_dtor(&gpc_element); > } else { > + if (zend_hash_num_elements(symtable1) >= > PG(max_input_vars)) { > + php_error_docref(NULL TSRMLS_CC, > E_ERROR, "Input variables exceeded %ld. To increase the limit change > max_input_vars in php.ini.", PG(max_input_vars)); > + } > zend_symtable_update(symtable1, escaped_index, > index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); > } > if (escaped_index != index) { > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
