summaryrefslogtreecommitdiff
path: root/ext/session
diff options
context:
space:
mode:
authorRasmus Lerdorf <rasmus@php.net>2009-12-26 23:38:25 +0000
committerRasmus Lerdorf <rasmus@php.net>2009-12-26 23:38:25 +0000
commite9b1ab57a4a4632bf620be245f2e05d3eca3b913 (patch)
tree5ba5e8607c4a74a2ba8371e9b116e37f5ca3e7f9 /ext/session
parent1496161f01647b67d6452e52ed6922523a7f6f44 (diff)
downloadphp-git-e9b1ab57a4a4632bf620be245f2e05d3eca3b913.tar.gz
Along with the valid char set, also add a length check to the
session id here to avoid a lower-level error on the open() later on in case we exceed MAX_PATH. The lower level open() error includes the session dir path in it, so this is a very low-priority security fix. People should not be running production systems with display_errors turned on.
Diffstat (limited to 'ext/session')
-rw-r--r--ext/session/mod_files.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 6224b5442e..3a4ef599f7 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -87,7 +87,9 @@ static int ps_files_valid_key(const char *key)
len = p - key;
- if (len == 0) {
+ /* Somewhat arbitrary length limit here, but should be way more than
+ anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
+ if (len == 0 || len > 128) {
ret = 0;
}
@@ -154,7 +156,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
ps_files_close(data);
if (!ps_files_valid_key(key)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
PS(invalid_session_id) = 1;
return;
}