Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
php5.523
php-5.3.5-CVE-2011-4885.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.3.5-CVE-2011-4885.patch of Package php5.523
http://svn.php.net/viewvc?view=revision&revision=321038 http://svn.php.net/viewvc?view=revision&revision=321040 http://svn.php.net/viewvc?view=revision&revision=321335 Index: php.ini-development =================================================================== --- php.ini-development.orig +++ php.ini-development @@ -453,6 +453,9 @@ max_input_time = 60 ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit memory_limit = 128M Index: php.ini-production =================================================================== --- php.ini-production.orig +++ php.ini-production @@ -453,6 +453,9 @@ max_input_time = 60 ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit memory_limit = 128M Index: main/main.c =================================================================== --- main/main.c.orig +++ main/main.c @@ -512,6 +512,7 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY("variables_order", "EGPCS", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) Index: main/php_globals.h =================================================================== --- main/php_globals.h.orig +++ main/php_globals.h @@ -170,6 +170,8 @@ struct _php_core_globals { char *mail_log; zend_bool in_error_log; + + long max_input_vars; }; Index: main/php_variables.c =================================================================== --- main/php_variables.c.orig +++ main/php_variables.c @@ -191,9 +191,14 @@ PHPAPI void php_register_variable_ex(cha } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { + if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } } if (index != escaped_index) { efree(escaped_index); @@ -236,7 +241,14 @@ plain_var: zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { + if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + } + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } else { + zval_ptr_dtor(&gpc_element); + } } if (escaped_index != index) { efree(escaped_index);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor