File php-4.3.9-CVE-2007-1285.patch of Package php4
--- php-4.3.9/main/php_variables.c.cve1285
+++ php-4.3.9/main/php_variables.c
@@ -66,6 +66,7 @@
 zval *gpc_element, **gpc_element_p;
 zend_bool is_array;
 HashTable *symtable1=NULL;
+ int nest_level = 0;
 assert(var != NULL);
@@ -128,6 +129,14 @@
 char *escaped_index = NULL, *index_s;
 int new_idx_len = 0;
+ if (++nest_level > PG(max_input_nesting_level)) {
+ /* too many levels of nesting */
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variable nesting level "
+ "more than allowed %ld (change max_input_nesting_level "
+ "in php.ini to increase the limit)",
+ PG(max_input_nesting_level));
+ }
+
 ip++;
 index_s = ip;
 if (isspace(*ip)) {
--- php-4.3.9/main/php_globals.h.cve1285
+++ php-4.3.9/main/php_globals.h
@@ -141,6 +141,8 @@
 zend_bool always_populate_raw_post_data;
 long serialize_precision;
+
+ long max_input_nesting_level;
 };
--- php-4.3.9/main/main.c.cve1285
+++ php-4.3.9/main/main.c
@@ -341,6 +341,7 @@
 STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt, upload_max_filesize, php_core_globals, core_globals)
 STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt, post_max_size, sapi_globals_struct,sapi_globals)
 STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateInt, max_input_nesting_level, php_core_globals, core_globals)
 STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals)
 STD_PHP_INI_ENTRY("variables_order", NULL, PHP_INI_ALL, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals)
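Review bot: In the second php_variables.c hunk the over-limit branch calls `php_error_docref(NULL TSRMLS_CC, E_ERROR, ...)` and then falls through to `ip++`, so the depth limit holds only if an E_ERROR never returns control to this function. Making the stop explicit would remove that dependency: release whatever the function has allocated for this variable and `return;` directly after the call. The enclosing function starts and ends outside the hunk, so the cleanup needed before that return is not visible here. The guard would also benefit from a comment tying it to the fix, for example `/* CVE-2007-1285: bound the nesting depth of request input variables */`.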
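Review bot: The new `max_input_nesting_level` entry in main.c is registered with `OnUpdateInt` and `PHP_INI_SYSTEM|PHP_INI_PERDIR`, so its value is not range-checked and can be overridden per directory. A value of 0 or below makes `++nest_level > PG(max_input_nesting_level)` true at the first nesting level, while a very large per-directory value effectively switches the limit off; where per-directory configuration is writable by less-trusted users, `PHP_INI_SYSTEM` alone looks like the safer scope. The directive is also undocumented in this patch: a comment above the entry such as `/* maximum nesting depth accepted for request input variables */`, plus a matching sample php.ini entry, would make the default of 64 discoverable.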