From b81f9a364c2a2204e6acbdff5b71e6cc6daead1e Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Fri, 2 Mar 2007 17:22:14 +0000 Subject: [PATCH] bug #1671813 CVE-2006-1549 deep recursion crash --- ChangeLog | 3 +++ libraries/common.lib.php | 14 +++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1af0183db4..eab5c938cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL$ +2007-03-01 Sebastian Mendel + * libraries/common.lib.php: bug #1671813 CVE-2006-1549 deep recursion crash + 2007-02-28 Marc Delisle * libraries/config.default.php: set $cfg['Servers'][$i]['ssl'] default value to false, we got reports from some users having problems with the diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 23f8fe8fc1..a8a108e5d6 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -264,13 +264,24 @@ function PMA_array_merge_recursive() } /** - * calls $function vor every element in $array recursively + * calls $function for every element in $array recursively + * + * this function is protected against deep recursion attack CVE-2006-1549, + * 1000 seems to be more than enough + * + * @see http://www.php-security.org/MOPB/MOPB-02-2007.html + * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549 * * @param array $array array to walk * @param string $function function to call for every array element */ function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) { + static $recursive_counter = 0; + if (++$recursive_counter > 1000) { + die('possible deep recursion attack'); + } + foreach ($array as $key => $value) { if (is_array($value)) { PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also); @@ -286,6 +297,7 @@ function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) } } } + $recursive_counter++; } /** -- 2.11.4.GIT
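Review bot: The `$recursive_counter++;` added as the last statement of PMA_arrayWalkRecursive (second common.lib.php hunk) increments the static counter again instead of undoing the `++$recursive_counter` at entry (first hunk), so the value never goes down and grows by two on every call rather than following the current nesting depth. As written, the `> 1000` check would fire after roughly 500 calls in total across the whole request, so a legitimate request with many shallow nested arrays could hit `die('possible deep recursion attack')` even though the docblock describes a depth limit. Changing that last line to `$recursive_counter--;` restores the pre-call value on exit and makes the guard measure depth. The middle of the function body lies between the two hunks and is not shown, so confirm there is no early `return` that would skip the decrement.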