nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1671813 CVE-2006-1549 deep recursion crash

Browse Source
This commit is contained in:
Sebastian Mendel
2007-03-01 16:09:00 +00:00
parent 4df1b95996
commit 18853eece6
2 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
libraries/common.lib.php
View File

@@ -335,6 +335,12 @@ function PMA_array_merge_recursive()
/**
* calls $function vor every element in $array recursively
*
* this function is protected against deep recursion attack CVE-2006-1549,
* 1000 seems to be more than enough
*
* @see http://www.php-security.org/MOPB/MOPB-02-2007.html
* @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*
* @uses PMA_arrayWalkRecursive()
* @uses is_array()
* @uses is_string()
@@ -343,6 +349,10 @@ function PMA_array_merge_recursive()
*/
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{
static $recursive_counter = 0;
if (++$recursive_counter > 1000) {
die('possible deep recursion attack');
}
foreach ($array as $key => $value) {
if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
@@ -358,6 +368,7 @@ function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
}
}
}
$recursive_counter++;
}
/**
@@ -1621,7 +1632,7 @@ if (typeof(window.parent) != 'undefined'
echo '<fieldset class="">' . "\n";
echo ' <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>';
echo ' <div>';
// when uploading a 700 Kio binary file into a LONGBLOB,
// when uploading a 700 Kio binary file into a LONGBLOB,
// I get a white page, strlen($query_base) is 2 x 700 Kio
// so put a hard limit here (let's say 1000)
if (defined('PMA_QUERY_TOO_BIG')) {
@@ -2648,11 +2659,21 @@ if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])
die('GLOBALS overwrite attempt');
}
/**
* protect against deep recursion attack CVE-2006-1549,
* 1000 seems to be more than enough
*
* @see http://www.php-security.org/MOPB/MOPB-02-2007.html
* @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*/
if (count($GLOBALS) > 1000) {
die('possible deep recurse attack');
}
/**
* Check for numeric keys
* (if register_globals is on, numeric key can be found in $GLOBALS)
*/
foreach ($GLOBALS as $key => $dummy) {
if (is_numeric($key)) {
die('numeric key detected');