]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 45e2197)
MFB: Disallow \0 chars inside session.save_path
authorIlia Alshanetsky <iliaa@php.net>
Fri, 1 Dec 2006 00:27:33 +0000 (00:27 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 1 Dec 2006 00:27:33 +0000 (00:27 +0000)
ext/session/session.c patch | blob | history

diff --git a/ext/session/session.c b/ext/session/session.c
index 41f321c5f671e241d4845c01b6d695e72ce8589d..fb8c7a60d0b9c27ad2c09d90a361429abd367c42 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -150,6 +150,10 @@ static PHP_INI_MH(OnUpdateSaveDir)
        if (stage == PHP_INI_STAGE_RUNTIME) {
                char *p;
 
+               if (memchr(new_value, '\0', new_value_length) != NULL) {
+                       return FAILURE;
+               }
+
                if ((p = zend_memrchr(new_value, ';', new_value_length))) {
                        p++;
                } else {
Unnamed repository; edit this file 'description' to name the repository.