[PHP-CVS] cvs: php-src(PHP_4_4) /main main.c php_globals.h php_variables.c

2007-05-22 Thread Stanislav Malyshev
stasTue May 22 18:16:38 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-src/main   main.c php_globals.h php_variables.c 
  Log:
  fix for  CVE-2007-1285 - crash on deep input variable nesting
  
  
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.63.2.14r2=1.512.2.63.2.15diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.512.2.63.2.14 php-src/main/main.c:1.512.2.63.2.15
--- php-src/main/main.c:1.512.2.63.2.14 Mon Jan  1 09:46:50 2007
+++ php-src/main/main.c Tue May 22 18:16:37 2007
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.512.2.63.2.14 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: main.c,v 1.512.2.63.2.15 2007/05/22 18:16:37 stas Exp $ */
 
 /* {{{ includes
  */
@@ -338,6 +338,7 @@
STD_PHP_INI_ENTRY(upload_max_filesize,2M,   
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateInt,
upload_max_filesize,php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(post_max_size,  8M,   
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateInt,
post_max_size,  sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,   
PHP_INI_SYSTEM, OnUpdateStringUnempty,  upload_tmp_dir, 
php_core_globals,   core_globals)
+   STD_PHP_INI_ENTRY(max_input_nesting_level, 500,  
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateLongGEZero, 
max_input_nesting_level,php_core_globals,   core_globals)
 
STD_PHP_INI_ENTRY(user_dir,   NULL,   
PHP_INI_SYSTEM, OnUpdateString, user_dir,   
php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(variables_order,NULL,   
PHP_INI_ALL,OnUpdateStringUnempty,  variables_order,
php_core_globals,   core_globals)
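Review bot: The new `max_input_nesting_level` entry is registered with `PHP_INI_SYSTEM|PHP_INI_PERDIR`, so per-directory configuration can raise a limit that this commit introduces as a crash guard. If the cap is meant to protect the whole server process, `PHP_INI_SYSTEM` alone would keep it under the administrator's control. `OnUpdateLongGEZero` also accepts 0, and with the pre-increment check added in php_variables.c a value of 0 would presumably reject every bracketed input name rather than mean "unlimited". That deserves a comment next to the entry, such as `/* 0 rejects all nested input; there is no "unlimited" value */`, or a validator that requires a positive value.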
http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.84.2.6.8.2r2=1.84.2.6.8.3diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.84.2.6.8.2 
php-src/main/php_globals.h:1.84.2.6.8.3
--- php-src/main/php_globals.h:1.84.2.6.8.2 Mon Jan  1 09:46:50 2007
+++ php-src/main/php_globals.h  Tue May 22 18:16:38 2007
@@ -141,6 +141,7 @@
zend_bool always_populate_raw_post_data;

long serialize_precision;
+   long max_input_nesting_level;
 };
 
 
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.10r2=1.45.2.13.2.11diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.10 
php-src/main/php_variables.c:1.45.2.13.2.11
--- php-src/main/php_variables.c:1.45.2.13.2.10 Fri Apr 13 00:42:48 2007
+++ php-src/main/php_variables.cTue May 22 18:16:38 2007
@@ -16,7 +16,7 @@
|  Zeev Suraski [EMAIL PROTECTED]|
+--+
  */
-/* $Id: php_variables.c,v 1.45.2.13.2.10 2007/04/13 00:42:48 stas Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */
 
 #include stdio.h
 #include php.h
@@ -66,6 +66,7 @@
zval *gpc_element, **gpc_element_p;
zend_bool is_array;
HashTable *symtable1=NULL;
+   int nest_level = 0;
 
assert(var != NULL);

@@ -128,6 +129,10 @@
char *escaped_index = NULL, *index_s;
int new_idx_len = 0;
 
+   if(++nest_level  PG(max_input_nesting_level)) {
+   /* too many levels of nesting */
+   php_error_docref(NULL TSRMLS_CC, E_ERROR, 
Input variable nesting level more than allowed %d (change 
max_input_nesting_level in php.ini to increase the limit), 
PG(max_input_nesting_level));  
+   }
ip++;
index_s = ip;
if (isspace(*ip)) {
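Review bot: The `%d` in the new `php_error_docref()` message is given `PG(max_input_nesting_level)`, which php_globals.h declares as `long` in this same commit; where `long` is wider than `int` the argument does not match the conversion, so the message should use `%ld`. The counter added in the earlier hunk is `int nest_level` while the limit is `long`, so declaring it `long nest_level = 0;` would keep the comparison in one type. Raising `E_ERROR` here also means a request with over-deep input ends in a fatal error whose text may reach the client depending on the error display settings; a warning that skips the offending variable would be a gentler response, if that fits the intent. The enclosing function starts and ends outside the hunk, and the comparison operator on the first added line is not legible on this page.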




Re: [PHP-CVS] cvs: php-src(PHP_4_4) /main main.c php_globals.h php_variables.c

2007-05-22 Thread Hannes Magnusson

Again, please use the [DOC] tag in your commit message to let the doc team know.
And don't forget to update php.ini-dist/recommended and NEWS.
Btw, did you really mean to set the default value to 500? (It's 64 in 5.2.)

-Hannes

On 5/22/07, Stanislav Malyshev [EMAIL PROTECTED] wrote:

stasTue May 22 18:16:38 2007 UTC

  Modified files:  (Branch: PHP_4_4)
/php-src/main   main.c php_globals.h php_variables.c
  Log:
  fix for  CVE-2007-1285 - crash on deep input variable nesting


http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.63.2.14r2=1.512.2.63.2.15diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.512.2.63.2.14 php-src/main/main.c:1.512.2.63.2.15
--- php-src/main/main.c:1.512.2.63.2.14 Mon Jan  1 09:46:50 2007
+++ php-src/main/main.c Tue May 22 18:16:37 2007
@@ -18,7 +18,7 @@
+--+
 */

-/* $Id: main.c,v 1.512.2.63.2.14 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: main.c,v 1.512.2.63.2.15 2007/05/22 18:16:37 stas Exp $ */

 /* {{{ includes
  */
@@ -338,6 +338,7 @@
STD_PHP_INI_ENTRY(upload_max_filesize,2M,   
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateInt,upload_max_filesize,
php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(post_max_size,  8M,   
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateInt,post_max_size,  
sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,   
PHP_INI_SYSTEM, OnUpdateStringUnempty,  upload_tmp_dir, 
php_core_globals,   core_globals)
+   STD_PHP_INI_ENTRY(max_input_nesting_level, 500,  
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateLongGEZero, max_input_nesting_level,
php_core_globals,   core_globals)

STD_PHP_INI_ENTRY(user_dir,   NULL,   
PHP_INI_SYSTEM, OnUpdateString, user_dir, 
  php_core_globals,   core_globals)
STD_PHP_INI_ENTRY(variables_order,NULL,   
PHP_INI_ALL,OnUpdateStringUnempty,  variables_order,
php_core_globals,   core_globals)
http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.84.2.6.8.2r2=1.84.2.6.8.3diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.84.2.6.8.2 
php-src/main/php_globals.h:1.84.2.6.8.3
--- php-src/main/php_globals.h:1.84.2.6.8.2 Mon Jan  1 09:46:50 2007
+++ php-src/main/php_globals.h  Tue May 22 18:16:38 2007
@@ -141,6 +141,7 @@
zend_bool always_populate_raw_post_data;

long serialize_precision;
+   long max_input_nesting_level;
 };


http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.10r2=1.45.2.13.2.11diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.10 
php-src/main/php_variables.c:1.45.2.13.2.11
--- php-src/main/php_variables.c:1.45.2.13.2.10 Fri Apr 13 00:42:48 2007
+++ php-src/main/php_variables.cTue May 22 18:16:38 2007
@@ -16,7 +16,7 @@
|  Zeev Suraski [EMAIL PROTECTED]|
+--+
  */
-/* $Id: php_variables.c,v 1.45.2.13.2.10 2007/04/13 00:42:48 stas Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */

 #include stdio.h
 #include php.h
@@ -66,6 +66,7 @@
zval *gpc_element, **gpc_element_p;
zend_bool is_array;
HashTable *symtable1=NULL;
+   int nest_level = 0;

assert(var != NULL);

@@ -128,6 +129,10 @@
char *escaped_index = NULL, *index_s;
int new_idx_len = 0;

+   if(++nest_level  PG(max_input_nesting_level)) {
+   /* too many levels of nesting */
+   php_error_docref(NULL TSRMLS_CC, E_ERROR, Input 
variable nesting level more than allowed %d (change max_input_nesting_level in php.ini to 
increase the limit), PG(max_input_nesting_level));
+   }
ip++;
index_s = ip;
if (isspace(*ip)) {
