archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Added max_input_vars directive to prevent attacks based on hash collisions

Browse source
This commit is contained in:
Dmitry Stogov 2011-12-14 08:56:35 +00:00
parent f94cc91dda
commit 6fb3897f80
4 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
main/php_variables.c
View file

@ -179,6 +179,9 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
escaped_index = index;
if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
}
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
@ -220,6 +223,9 @@ plain_var:
zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
zval_ptr_dtor(&gpc_element);
} else {
if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
}
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
if (escaped_index != index) {