Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php4
:
4.4.9
>
php4
> php-4.3.9-CVE-2007-4670.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-4.3.9-CVE-2007-4670.patch of Package php4
--- php-4.3.9/main/php_variables.c.cve4670 +++ php-4.3.9/main/php_variables.c @@ -130,13 +130,23 @@ PHPAPI void php_register_variable_ex(cha int new_idx_len = 0; if (++nest_level > PG(max_input_nesting_level)) { - /* too many levels of nesting */ - php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variable nesting level " - "more than allowed %ld (change max_input_nesting_level " - "in php.ini to increase the limit)", - PG(max_input_nesting_level)); - } + HashTable *ht; + /* too many levels of nesting */ + + if (track_vars_array) { + ht = Z_ARRVAL_P(track_vars_array); + } else if (PG(register_globals)) { + ht = EG(active_symbol_table); + } + zend_hash_del(ht, var, var_len + 1); + zval_dtor(val); + + if (!PG(display_errors)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level exceeded %ld. To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level)); + } + return; + } ip++; index_s = ip; if (isspace(*ip)) { @@ -149,8 +159,9 @@ PHPAPI void php_register_variable_ex(cha if (!ip) { /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ *(index_s - 1) = '_'; + index_len = 0; if (index) { - index_len = var_len = strlen(index); + index_len = strlen(index); } goto plain_var; return;