diff options
| author | Zeev Suraski <zeev@php.net> | 2000-09-09 15:02:15 +0000 |
|---|---|---|
| committer | Zeev Suraski <zeev@php.net> | 2000-09-09 15:02:15 +0000 |
| commit | b7ecaacd07b6be07677ed694b5dbc51b609c4263 (patch) | |
| tree | 56a4ab13d9b42bc669a63c61314f3b67f794ee20 /main/SAPI.c | |
| parent | 242139d5acb8ff26a42e8f41eb15558458ca8e58 (diff) | |
| download | php-git-b7ecaacd07b6be07677ed694b5dbc51b609c4263.tar.gz | |
More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
Diffstat (limited to 'main/SAPI.c')
| -rw-r--r-- | main/SAPI.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/main/SAPI.c b/main/SAPI.c index 7853292383..df1d5fb957 100644 --- a/main/SAPI.c +++ b/main/SAPI.c @@ -115,8 +115,10 @@ SAPI_API void sapi_handle_post(void *arg SLS_DC) { if (SG(request_info).post_entry) { SG(request_info).post_entry->post_handler(SG(request_info).content_type_dup, arg SLS_CC); - efree(SG(request_info).post_data); - SG(request_info).post_data = NULL; + if (SG(request_info).post_data) { + efree(SG(request_info).post_data); + SG(request_info).post_data = NULL; + } efree(SG(request_info).content_type_dup); SG(request_info).content_type_dup = NULL; } @@ -156,7 +158,7 @@ static void sapi_read_post_data(SLS_D) post_reader_func = post_entry->post_reader; } else { if (!sapi_module.default_post_reader) { - sapi_module.sapi_error(E_ERROR, "Unsupported content type: '%s'", content_type); + sapi_module.sapi_error(E_WARNING, "Unsupported content type: '%s'", content_type); return; } SG(request_info).post_entry = NULL; @@ -175,6 +177,11 @@ SAPI_POST_READER_FUNC(sapi_read_standard_form_data) int read_bytes; int allocated_bytes=SAPI_POST_BLOCK_SIZE+1; + if (SG(request_info).content_length > SG(post_max_size)) { + php_error(E_WARNING, "POST Content-Length of %d bytes exceeds the limit of %d bytes", + SG(request_info).content_length, SG(post_max_size)); + return; + } SG(request_info).post_data = emalloc(allocated_bytes); for (;;) { @@ -183,6 +190,10 @@ SAPI_POST_READER_FUNC(sapi_read_standard_form_data) break; } SG(read_post_bytes) += read_bytes; + if (SG(read_post_bytes) > SG(post_max_size)) { + php_error(E_WARNING, "Actual POST length does not match Content-Length, and exceeds %d bytes", SG(post_max_size)); + return; + } if (read_bytes < SAPI_POST_BLOCK_SIZE) { break; } @@ -285,14 +296,17 @@ SAPI_API void sapi_activate(SLS_D) } else { SG(request_info).headers_only = 0; } + SG(rfc1867_uploaded_files) = NULL; if (SG(server_context)) { if (SG(request_info).request_method && !strcmp(SG(request_info).request_method, "POST")) { if (!SG(request_info).content_type) { - sapi_module.sapi_error(E_ERROR, "No content-type in POST request"); + sapi_module.sapi_error(E_WARNING, "No content-type in POST request"); + SG(request_info).content_type_dup = NULL; + } else { + sapi_read_post_data(SLS_C); } - sapi_read_post_data(SLS_C); } else { SG(request_info).content_type_dup = NULL; } @@ -301,7 +315,6 @@ SAPI_API void sapi_activate(SLS_D) sapi_module.activate(SLS_C); } } - SG(rfc1867_uploaded_files) = NULL; } |