iliaa Fri Dec 1 00:28:43 2006 UTC
Modified files: (Branch: PHP_4_4)
/php-src/ext/session session.c
Log:
MFH: Disallow \0 chars inside session.save_path
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7&r2=1.336.2.53.2.8&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.53.2.7
php-src/ext/session/session.c:1.336.2.53.2.8
--- php-src/ext/session/session.c:1.336.2.53.2.7 Tue Aug 1 08:33:13 2006
+++ php-src/ext/session/session.c Fri Dec 1 00:28:43 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.336.2.53.2.7 2006/08/01 08:33:13 tony2001 Exp $ */
+/* $Id: session.c,v 1.336.2.53.2.8 2006/12/01 00:28:43 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -120,6 +120,10 @@
static PHP_INI_MH(OnUpdateSaveDir) {
/* Only do the safemode/open_basedir check at runtime */
if(stage == PHP_INI_STAGE_RUNTIME) {
+ if (memchr(new_value, '\0', new_value_length) != NULL) {
+ return FAILURE;
+ }
+
if (PG(safe_mode) && (!php_checkuid(new_value, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
return FAILURE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
