We've just been looking at the security issues which were silently fixed in 4.3.9/5.0.2. The fixes for array index handling appear to be incomplete; there is now a segfault for a variable like "?foo[][=".
That was just filed as #30442, patch below fixes it. Also, query strings like: "?foo[[[[[[[h]=4" and "?foo[%20%20]=7" will still produce arrays which use invalid keys, not sure if this is desirable?

# [foo] => Array
# (
# [[[[[[[h] => 4
# )

Index: main/php_variables.c =================================================================== RCS file: /repository/php-src/main/php_variables.c,v retrieving revision 1.82 diff -u -r1.82 php_variables.c --- main/php_variables.c 9 Sep 2004 16:10:24 -0000 1.82 +++ main/php_variables.c 15 Oct 2004 12:02:12 -0000 @@ -133,7 +133,9 @@ if (!ip) { /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ *(index_s - 1) = '_'; - index_len = var_len = strlen(index); + if (index) { + index_len = var_len = strlen(index); + } goto plain_var; return; }
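Review bot: In the new `if (index)` guard inside the `if (!ip)` branch, a NULL `index` now skips the assignment entirely, so `index_len` and `var_len` reach `plain_var` holding whatever values they had earlier in the function. Either add an `else` that sets both explicitly for the NULL case, or add a comment stating why the earlier values are the right ones at `plain_var`, so the fix does not trade a NULL dereference in `strlen(index)` for a stale length. The `*(index_s - 1) = '_';` write still runs before the guard, so it is worth confirming that `index_s` is valid on the path where `index` is NULL. As a style point, the `return;` after `goto plain_var;` is unreachable and could be dropped while this block is being touched. A regression test for the "?foo[][=" input from #30442 should accompany the change.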