]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 30331e7)
MFH: Disallow \0 chars inside session.save_path
authorIlia Alshanetsky <iliaa@php.net>
Fri, 1 Dec 2006 00:28:43 +0000 (00:28 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 1 Dec 2006 00:28:43 +0000 (00:28 +0000)
ext/session/session.c patch | blob | history

diff --git a/ext/session/session.c b/ext/session/session.c
index 3fb3a08b59277da6840fed482c48bea3e4a4b5d8..f433caf52b865d387eeaa0d9437208365df23460 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -120,6 +120,10 @@ static PHP_INI_MH(OnUpdateSerializer)
 static PHP_INI_MH(OnUpdateSaveDir) {
        /* Only do the safemode/open_basedir check at runtime */
        if(stage == PHP_INI_STAGE_RUNTIME) {
+               if (memchr(new_value, '\0', new_value_length) != NULL) {
+                       return FAILURE;
+               }
+
                if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
                        return FAILURE;
                }
Unnamed repository; edit this file 'description' to name the repository.