From: Rasmus Lerdorf <rasmus@php.net>
Date: Sat, 26 Dec 2009 23:38:25 +0000 (+0000)
Subject: Along with the valid char set, also add a length check to the
X-Git-Tag: php-5.4.0alpha1~507
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e9b1ab57a4a4632bf620be245f2e05d3eca3b913;p=php

Along with the valid char set, also add a length check to the
session id here to avoid a lower-level error on the open()
later on in case we exceed MAX_PATH.  The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix.  People should not be running
production systems with display_errors turned on.
---

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 6224b5442e..3a4ef599f7 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -87,7 +87,9 @@ static int ps_files_valid_key(const char *key)
 
 	len = p - key;
 
-	if (len == 0) {
+	/* Somewhat arbitrary length limit here, but should be way more than
+	   anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
+	if (len == 0 || len > 128) {
 		ret = 0;
 	}
 
@@ -154,7 +156,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 		ps_files_close(data);
 
 		if (!ps_files_valid_key(key)) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
 			PS(invalid_session_id) = 1;
 			return;
 		}