Hello, Derick. :-)

http://www.php-security.org/MOPB/MOPB-02-2007.html
http://www.php-security.org/MOPB/MOPB-03-2007.html
http://news.php.net/php.cvs/43349

Is this change planned for the PHP_4_4 branch?

I think PHP 4.4 should behave the same way.
My patch works on the PHP_4_4 branch.

Regards.

--
Seiji Masugagta

--- php4-STABLE-200704180830,orig/main/main.c   2007-01-01 20:33:06.000000000 
+0900
+++ php4-STABLE-200704180830/main/main.c        2007-04-18 20:04:09.295587660 
+0900
@@ -338,6 +338,7 @@
        STD_PHP_INI_ENTRY("upload_max_filesize",        "2M",           
PHP_INI_SYSTEM|PHP_INI_PERDIR,          OnUpdateInt,                    
upload_max_filesize,    php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("post_max_size",                      "8M",           
PHP_INI_SYSTEM|PHP_INI_PERDIR,          OnUpdateInt,                    
post_max_size,                  sapi_globals_struct,sapi_globals)
        STD_PHP_INI_ENTRY("upload_tmp_dir",                     NULL,           
PHP_INI_SYSTEM,         OnUpdateStringUnempty,  upload_tmp_dir,                 
php_core_globals,       core_globals)
+       STD_PHP_INI_ENTRY("max_input_nesting_level", "64",              
PHP_INI_SYSTEM|PHP_INI_PERDIR,          OnUpdateLongGEZero,     
max_input_nesting_level,                        php_core_globals,       
core_globals)
 
        STD_PHP_INI_ENTRY("user_dir",                           NULL,           
PHP_INI_SYSTEM,         OnUpdateString,                 user_dir,               
                php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("variables_order",            NULL,           
PHP_INI_ALL,            OnUpdateStringUnempty,  variables_order,                
php_core_globals,       core_globals)
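Review bot: The added `max_input_nesting_level` entry uses `OnUpdateLongGEZero`, while every neighbouring entry in this table uses `OnUpdateInt` or a string handler; confirm that this handler exists in the PHP_4_4 tree, otherwise the entry will not build there. If the handler accepts 0, as its name suggests, the `++nest_level > PG(max_input_nesting_level)` check in php_variables.c would reject every array-style input variable at that setting, which is worth stating in the php.ini documentation. The entry is also `PHP_INI_SYSTEM|PHP_INI_PERDIR`, so per-directory configuration can raise a limit that exists to bound attacker-supplied nesting; `PHP_INI_SYSTEM` alone may be the safer default on shared hosts.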
--- php4-STABLE-200704180830,orig/main/php_globals.h    2007-01-01 
20:33:06.000000000 +0900
+++ php4-STABLE-200704180830/main/php_globals.h 2007-04-18 20:04:10.145471450 
+0900
@@ -90,6 +90,7 @@
        char *extension_dir;
 
        char *upload_tmp_dir;
+       long max_input_nesting_level;
        long upload_max_filesize;
        
        char *error_append_string;
--- php4-STABLE-200704180830,orig/main/php_variables.c  2007-04-13 
11:33:32.000000000 +0900
+++ php4-STABLE-200704180830/main/php_variables.c       2007-04-18 
20:07:32.987735574 +0900
@@ -63,6 +63,7 @@
        char *ip;               /* index pointer */
        char *index;
        int var_len, index_len;
+       int nest_level = 0;
        zval *gpc_element, **gpc_element_p;
        zend_bool is_array;
        HashTable *symtable1=NULL;
@@ -128,6 +129,11 @@
                        char *escaped_index = NULL, *index_s;
                        int new_idx_len = 0;
 
+                       if(++nest_level > PG(max_input_nesting_level)) {
+                               /* too many levels of nesting */
+                               php_error_docref(NULL TSRMLS_CC, E_ERROR, 
"Input variable nesting level more than allowed %ld (change 
max_input_nesting_level in php.ini to increase the limit)", 
PG(max_input_nesting_level));
+                       }
+
                        ip++;
                        index_s = ip;
                        if (isspace(*ip)) {
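Review bot: Nothing after the `php_error_docref(NULL TSRMLS_CC, E_ERROR, ...)` call leaves the loop, so the nesting limit holds only if E_ERROR aborts the request at this point; if the call ever returns, execution falls through to `ip++` and the array keeps being built past the limit. An explicit `return;` after the error call, preceded by whatever cleanup this function owes its buffers, would make the guard self-contained. The existing comment could also say why the limit exists, for example `/* bound nesting depth of request-supplied names so later recursive handling of the array cannot exhaust the stack */`. The enclosing function starts and ends outside this hunk, so the required cleanup is not visible here.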
@@ -184,6 +190,7 @@
                                *ip = 0;
                        } else {
                                is_array = 0;
+                               nest_level = 0;
                        }
                } else {
 plain_var:
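Review bot: The added `nest_level = 0;` in the `else` branch looks like it has no effect. `nest_level` is a local initialised to 0 at its declaration in the first hunk of this file, and this branch is taken when no further `[` follows, which presumably ends the array walk for this variable. If the reset is needed for a path outside the hunk, a short comment such as `/* restart depth count: <reason> */` would help; otherwise dropping the line keeps the counter's lifetime easier to follow. The surrounding loop starts outside the hunk, so this should be checked against the full function.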
