From: Ilia Alshanetsky
Date: Sat, 10 Mar 2007 19:20:16 +0000 (+0000)
Subject: Added additional checks for long input arrays inside
X-Git-Tag: php-5.2.2RC1~175
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1453879587488ba59ad3ae9905e339350496bd3e;p=php
Added additional checks for long input arrays inside import_request_variables(). # Missing checks identified by Stefan Esser
---
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index f4ad543262..c420805e27 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -6259,6 +6259,19 @@ static int copy_request_variable(void *pDest, int num_args, va_list args, zend_h
 ) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted super-global (%s) variable overwrite.", hash_key->arKey);
 return 0;
+ } else if (*hash_key->arKey == 'H' &&
+ (
+ !strcmp(hash_key->arKey, "HTTP_POST_VARS") ||
+ !strcmp(hash_key->arKey, "HTTP_GET_VARS") ||
+ !strcmp(hash_key->arKey, "HTTP_COOKIE_VARS") ||
+ !strcmp(hash_key->arKey, "HTTP_ENV_VARS") ||
+ !strcmp(hash_key->arKey, "HTTP_SERVER_VARS") ||
+ !strcmp(hash_key->arKey, "HTTP_RAW_POST_DATA") ||
+ !strcmp(hash_key->arKey, "HTTP_POST_FILES")
+ )
+ ) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted long input array (%s) overwrite.", hash_key->arKey);
+ return 0;
 }
 }
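Review bot: The added `else if` branch compares only the raw request key `hash_key->arKey` against the long input array names, so the protection holds only when the variable is registered under exactly that key. import_request_variables() takes a prefix, and if copy_request_variable composes the final variable name from prefix and key elsewhere in the function (that code is outside this hunk, so this is inferred), the composed name is never checked against this list. The check would be more robust if it ran on the final variable name just before it is registered; at minimum the branch should carry a comment such as `/* validates the raw key only; the prefixed name is not checked here */`. As a style point, the seven names are hard-coded in the condition next to the super-global list above; a single `static const char *` table of reserved names walked in one loop would keep the two lists from drifting apart.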