-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/session/mod_files.c | 5 |
2 files changed, 8 insertions, 0 deletions
@@ -32,6 +32,9 @@ PHP NEWS . Fixed bug #72306 (Heap overflow through proc_open and $env parameter). (Laruence) +- Session: + . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence) + - Streams: . Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence) diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index b380cfe86b..64a6c47e00 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -294,6 +294,11 @@ static int ps_files_cleanup_dir(const char *dirname, zend_long maxlifetime) dirname_len = strlen(dirname); + if (dirname_len >= MAXPATHLEN) { + php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: dirname(%s) is too long", dirname); + return (0); + } + /* Prepare buffer (dirname never changes) */ memcpy(buf, dirname, dirname_len); buf[dirname_len] = PHP_DIR_SEPARATOR; |
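Review bot: The new `dirname_len >= MAXPATHLEN` guard in ps_files_cleanup_dir keeps `memcpy(buf, dirname, dirname_len)` and the write to `buf[dirname_len]` in bounds only if `buf` holds at least MAXPATHLEN bytes. Its declaration is above the hunk, so a comment tying the two together would help, e.g. `/* buf is MAXPATHLEN bytes; dirname_len + 1 must fit for the separator */`. A dirname of exactly MAXPATHLEN - 1 bytes passes the check but leaves no room for an entry name or a terminating NUL, so the code that appends file names (outside this hunk) has to bound its own write. Returning 0 here presumably looks the same to the caller as "nothing expired", so garbage collection for that save path stops with only an E_NOTICE. Consider E_WARNING, and rejecting the over-long path where it is first configured rather than at cleanup time.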