Added additional checks for long input arrays inside
authorIlia Alshanetsky <iliaa@php.net>
Sat, 10 Mar 2007 19:20:16 +0000 (19:20 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sat, 10 Mar 2007 19:20:16 +0000 (19:20 +0000)
import_request_variables().

# Missing checks identified by Stefan Esser

ext/standard/basic_functions.c

index f4ad543262d93891b467b9ffe4d87a9c55171846..c420805e2703793ecfbb9dca28d9961635ce63d8 100644 (file)
@@ -6259,6 +6259,19 @@ static int copy_request_variable(void *pDest, int num_args, va_list args, zend_h
                        ) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted super-global (%s) variable overwrite.", hash_key->arKey);
                        return 0;       
+               } else if (*hash_key->arKey == 'H' && 
+                               (
+                                       !strcmp(hash_key->arKey, "HTTP_POST_VARS") || 
+                                       !strcmp(hash_key->arKey, "HTTP_GET_VARS") || 
+                                       !strcmp(hash_key->arKey, "HTTP_COOKIE_VARS") || 
+                                       !strcmp(hash_key->arKey, "HTTP_ENV_VARS") || 
+                                       !strcmp(hash_key->arKey, "HTTP_SERVER_VARS") || 
+                                       !strcmp(hash_key->arKey, "HTTP_RAW_POST_DATA") || 
+                                       !strcmp(hash_key->arKey, "HTTP_POST_FILES")
+                               )
+                       ) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted long input array (%s) overwrite.", hash_key->arKey);
+                       return 0;       
                }
        }
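Review bot: The added `else if` starting at the `*hash_key->arKey == 'H'` test extends an exact-match denylist, so any engine-populated global not spelled out in these seven `strcmp` calls still passes this branch, and nothing in the code says which set the list is meant to mirror. I would add a comment above the branch such as `/* names the engine itself populates (long input arrays, raw POST body); request data must never overwrite them - keep in sync with the code that registers them */`. The warning text also calls every match a "long input array", which does not fit `HTTP_RAW_POST_DATA`; a neutral wording like `"Attempted reserved variable (%s) overwrite."` would be accurate for all seven names. copy_request_variable starts and ends outside the hunk, so whether this branch is also reached when a prefix is supplied cannot be confirmed from here.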