Again, please use the [DOC] tag in your commit message to let the doc team know.
And don't forget to update php.ini-dist/recommended and NEWS.
Btw, did you really mean to set the default value to 500? (It's 64 in 5.2.)
-Hannes
On 5/22/07, Stanislav Malyshev [EMAIL PROTECTED] wrote:
stasTue May 22 18:16:38 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src/main main.c php_globals.h php_variables.c
Log:
fix for CVE-2007-1285 - crash on deep input variable nesting
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.63.2.14r2=1.512.2.63.2.15diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.512.2.63.2.14 php-src/main/main.c:1.512.2.63.2.15
--- php-src/main/main.c:1.512.2.63.2.14 Mon Jan 1 09:46:50 2007
+++ php-src/main/main.c Tue May 22 18:16:37 2007
@@ -18,7 +18,7 @@
+--+
*/
-/* $Id: main.c,v 1.512.2.63.2.14 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: main.c,v 1.512.2.63.2.15 2007/05/22 18:16:37 stas Exp $ */
/* {{{ includes
*/
@@ -338,6 +338,7 @@
STD_PHP_INI_ENTRY(upload_max_filesize,2M,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt,upload_max_filesize,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(post_max_size, 8M,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt,post_max_size,
sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY(max_input_nesting_level, 500,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(user_dir, NULL,
PHP_INI_SYSTEM, OnUpdateString, user_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(variables_order,NULL,
PHP_INI_ALL,OnUpdateStringUnempty, variables_order,
php_core_globals, core_globals)
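Review bot: The new `max_input_nesting_level` entry is registered as `PHP_INI_SYSTEM|PHP_INI_PERDIR`, so wherever per-directory overrides are permitted, the limit this commit adds against the deep-nesting crash can be raised from outside the main php.ini. If it is meant to be an administrator-set guard, `PHP_INI_SYSTEM` alone would be the tighter choice, as `upload_tmp_dir` just above uses. `OnUpdateLongGEZero` also accepts 0, and assuming the check in php_variables.c is `++nest_level > PG(max_input_nesting_level)` (the operator is missing from this archived copy), 0 would reject every bracketed input name rather than disable the limit. That is worth stating next to the entry, e.g. `/* 0 is accepted but rejects all array-style input; there is no "unlimited" value */`.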
http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.84.2.6.8.2r2=1.84.2.6.8.3diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.84.2.6.8.2
php-src/main/php_globals.h:1.84.2.6.8.3
--- php-src/main/php_globals.h:1.84.2.6.8.2 Mon Jan 1 09:46:50 2007
+++ php-src/main/php_globals.h Tue May 22 18:16:38 2007
@@ -141,6 +141,7 @@
zend_bool always_populate_raw_post_data;
long serialize_precision;
+ long max_input_nesting_level;
};
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.10r2=1.45.2.13.2.11diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.10
php-src/main/php_variables.c:1.45.2.13.2.11
--- php-src/main/php_variables.c:1.45.2.13.2.10 Fri Apr 13 00:42:48 2007
+++ php-src/main/php_variables.cTue May 22 18:16:38 2007
@@ -16,7 +16,7 @@
| Zeev Suraski [EMAIL PROTECTED]|
+--+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.10 2007/04/13 00:42:48 stas Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */
#include stdio.h
#include php.h
@@ -66,6 +66,7 @@
zval *gpc_element, **gpc_element_p;
zend_bool is_array;
HashTable *symtable1=NULL;
+ int nest_level = 0;
assert(var != NULL);
@@ -128,6 +129,10 @@
char *escaped_index = NULL, *index_s;
int new_idx_len = 0;
+ if(++nest_level PG(max_input_nesting_level)) {
+ /* too many levels of nesting */
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, Input
variable nesting level more than allowed %d (change max_input_nesting_level in php.ini to
increase the limit), PG(max_input_nesting_level));
+ }
ip++;
index_s = ip;
if (isspace(*ip)) {
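Review bot: The added `php_error_docref()` call formats `PG(max_input_nesting_level)` with `%d`, but the php_globals.h hunk in this commit declares that field as `long`, so specifier and argument disagree on LP64 builds; the message should use `%ld`, i.e. `"Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)"`. The counter added in the `@@ -66,6 +66,7 @@` hunk has the same mismatch: `int nest_level` is compared against a `long` limit, and `long nest_level = 0;` would keep the two in step. The comparison operator and the string quotes are missing from this archived copy (presumably `++nest_level > PG(...)`), and the enclosing function starts and ends outside the hunk. Because the check raises `E_ERROR` on request-supplied input, a one-line comment saying that the request is meant to abort at this point, rather than the variable being dropped, would help the next reader.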