From a3c0bdc81c1d326b3e30a8223370892a0260b9a9 Mon Sep 17 00:00:00 2001 From: taca Date: Tue, 3 Jan 2012 16:23:14 +0000 Subject: Add security fix for http://www.ocert.org/advisories/ocert-2011-003.html from r321038 from PHP's repository. Bump PKGREVISION. --- lang/php53/patches/patch-main_main.c | 15 ++++++++++++++ lang/php53/patches/patch-main_php__globals.h | 16 +++++++++++++++ lang/php53/patches/patch-main_php__variables.c | 27 ++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 lang/php53/patches/patch-main_main.c create mode 100644 lang/php53/patches/patch-main_php__globals.h create mode 100644 lang/php53/patches/patch-main_php__variables.c (limited to 'lang/php53/patches') diff --git a/lang/php53/patches/patch-main_main.c b/lang/php53/patches/patch-main_main.c new file mode 100644 index 00000000000..75ed38ee3c2 --- /dev/null +++ b/lang/php53/patches/patch-main_main.c @@ -0,0 +1,15 @@ +$NetBSD: patch-main_main.c,v 1.1 2012/01/03 16:23:14 taca Exp $ + +* Fix for http://www.ocert.org/advisories/ocert-2011-003.html + from r321038 from PHP's repository. + +--- main/main.c.orig 2012-01-03 02:28:53.000000000 +0000 ++++ main/main.c +@@ -504,6 +504,7 @@ PHP_INI_BEGIN() + STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) + STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals) ++ STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) + + STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("variables_order", "EGPCS", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) diff --git a/lang/php53/patches/patch-main_php__globals.h b/lang/php53/patches/patch-main_php__globals.h new file mode 100644 index 00000000000..9950417c1ef --- /dev/null +++ b/lang/php53/patches/patch-main_php__globals.h @@ -0,0 +1,16 @@ +$NetBSD: patch-main_php__globals.h,v 1.1 2012/01/03 16:23:14 taca Exp $ + +* Fix for http://www.ocert.org/advisories/ocert-2011-003.html + from r321038 from PHP's repository. + +--- main/php_globals.h.orig 2011-01-01 02:19:59.000000000 +0000 ++++ main/php_globals.h +@@ -170,6 +170,8 @@ struct _php_core_globals { + char *mail_log; + + zend_bool in_error_log; ++ ++ long max_input_vars; + }; + + diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c new file mode 100644 index 00000000000..d970b8a202d --- /dev/null +++ b/lang/php53/patches/patch-main_php__variables.c @@ -0,0 +1,27 @@ +$NetBSD: patch-main_php__variables.c,v 1.1 2012/01/03 16:23:14 taca Exp $ + +* Fix for http://www.ocert.org/advisories/ocert-2011-003.html + from r321038 from PHP's repository. + +--- main/php_variables.c.orig 2011-01-01 02:19:59.000000000 +0000 ++++ main/php_variables.c +@@ -191,6 +191,9 @@ PHPAPI void php_register_variable_ex(cha + } + if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE + || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { ++ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { ++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); ++ } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); +@@ -236,6 +239,9 @@ plain_var: + zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { + zval_ptr_dtor(&gpc_element); + } else { ++ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { ++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); ++ } + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } + if (escaped_index != index) { -- cgit v1.2.3