From 66a07efa07b213f972840332007b908567278f7f Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Sat, 26 Dec 2009 23:38:25 +0000 Subject: [PATCH] Along with the valid char set, also add a length check to the session id here to avoid a lower-level error on the open() later on in case we exceed MAX_PATH. The lower level open() error includes the session dir path in it, so this is a very low-priority security fix. People should not be running production systems with display_errors turned on. --- ext/session/mod_files.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 6b525e7cd5..309309f779 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -87,7 +87,9 @@ static int ps_files_valid_key(const char *key) len = p - key; - if (len == 0) { + /* Somewhat arbitrary length limit here, but should be way more than + anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ + if (len == 0 || len > 128) { ret = 0; } @@ -154,7 +156,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) ps_files_close(data); if (!ps_files_valid_key(key)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); PS(invalid_session_id) = 1; return; } -- 2.50.1