]>
Commit | Line | Data |
---|---|---|
badd589e ER |
1 | this refers to svn commit: http://svn.php.net/viewvc?view=revision&revision=323007 |
2 | aka CVE-2012-0830 | |
3 | ||
4 | link: https://bugzilla.redhat.com/show_bug.cgi?id=786686 | |
5 | ||
82f6b657 ER |
6 | diff -up php-5.2.17/main/php_variables.c.bug-323007 php-5.2.17/main/php_variables.c |
7 | --- php-5.2.17/main/php_variables.c.bug-323007 2012-02-03 12:12:09.000000000 +0700 | |
8 | +++ php-5.2.17/main/php_variables.c 2012-02-03 13:17:16.000000000 +0700 | |
9 | @@ -187,12 +187,17 @@ PHPAPI void php_register_variable_ex(cha | |
10 | } | |
11 | if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE | |
12 | || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { | |
13 | - if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { | |
14 | - php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); | |
15 | - } | |
16 | + if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { | |
17 | + if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { | |
18 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); | |
19 | + } | |
20 | MAKE_STD_ZVAL(gpc_element); | |
21 | array_init(gpc_element); | |
22 | zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); | |
23 | + } else { | |
24 | + efree(var_orig); | |
25 | + return; | |
26 | + } | |
27 | } | |
28 | if (index != escaped_index) { | |
29 | efree(escaped_index); |