From 3e8a63f409fe17b10ade58cd069ef4a9ca0903fb Mon Sep 17 00:00:00 2001 From: =?utf8?q?Johannes=20Schl=C3=BCter?= Date: Mon, 25 Jan 2010 23:06:09 +0000 Subject: [PATCH] merge r292677: Along with the valid char set, also add a length check to the session id here to avoid a lower-level error on the open() later on in case we exceed MAX_PATH. The lower level open() error includes the session dir path in it, so this is a very low-priority security fix. People should not be running production systems with display_errors turned on. (rasmus) --- ext/session/mod_files.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 8f680f44ee..acb1ea0dec 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -87,7 +87,9 @@ static int ps_files_valid_key(const char *key) len = p - key; - if (len == 0) { + /* Somewhat arbitrary length limit here, but should be way more than + anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ + if (len == 0 || len > 128) { ret = 0; } @@ -154,7 +156,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) ps_files_close(data); if (!ps_files_valid_key(key)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); PS(invalid_session_id) = 1; return; } -- 2.40.0