From 4bf10270c785c22c03f30e389d2cf47a0b143863 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@php.net>
Date: Wed, 15 Jul 2009 19:16:58 +0000
Subject: [PATCH] Limit db connection strings to 255 chars here - I don't trust
 the underlying libs

---
 ext/mssql/php_mssql.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/ext/mssql/php_mssql.c b/ext/mssql/php_mssql.c
index 95d62cead1..294a7da87b 100644
--- a/ext/mssql/php_mssql.c
+++ b/ext/mssql/php_mssql.c
@@ -406,8 +406,11 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				}
 				convert_to_string_ex(yyhost);
 				host = Z_STRVAL_PP(yyhost);
+				if(strlen(host)>255) {
+					host[255] = '\0';
+				}
 				user=passwd=NULL;
-				hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s__", Z_STRVAL_PP(yyhost));
+				hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s__", host);
 			}
 			break;
 		case 2: {
@@ -420,8 +423,14 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				convert_to_string_ex(yyuser);
 				host = Z_STRVAL_PP(yyhost);
 				user = Z_STRVAL_PP(yyuser);
+				if(strlen(host)>255) {
+					host[255] = '\0';
+				}
+				if(strlen(user)>255) {
+					user[255] = '\0';
+				}
 				passwd=NULL;
-				hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s_%s_",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser));
+				hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s_%s_", host, user);
 			}
 			break;
 		case 3: {
@@ -436,7 +445,16 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				host = Z_STRVAL_PP(yyhost);
 				user = Z_STRVAL_PP(yyuser);
 				passwd = Z_STRVAL_PP(yypasswd);
-				hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd));
+				if(strlen(host)>255) {
+					host[255] = '\0';
+				}
+				if(strlen(user)>255) {
+					user[255] = '\0';
+				}
+				if(strlen(passwd)>255) {
+					passwd[255] = '\0';
+				}
+				hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s", host, user, passwd);
 			}
 			break;
 		case 4: {
@@ -453,7 +471,16 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 				user = Z_STRVAL_PP(yyuser);
 				passwd = Z_STRVAL_PP(yypasswd);
 				new_link = Z_LVAL_PP(yynew_link);
-				hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd));
+				if(strlen(host)>255) {
+					host[255] = '\0';
+				}
+				if(strlen(user)>255) {
+					user[255] = '\0';
+				}
+				if(strlen(passwd)>255) {
+					passwd[255] = '\0';
+				}
+				hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s", host, user, passwd);
 			}
 			break;
 		default:
-- 
2.40.0