disallow_nul does not assume the input value to be nul terminated anymore

author: Ben Fuhrmannek 2014-09-22 19:06:56 +0200
committer: Ben Fuhrmannek 2014-09-22 19:06:56 +0200
commit: 8f2433d78347b2f1542e95652fa74d38346fb6ec (patch)
tree: e081aea8fde851adcf4e22ffd8c001b349dc6f8d
parent: 3a569c100c5b5c359cda16e0ac311032450df02e (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/ifilter.c b/ifilter.c
index dfe7c6b..48b62c7 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -34,6 +34,13 @@
 static void (*orig_register_server_variables)(zval *track_vars_array TSRMLS_DC) = NULL;
+#if !HAVE_STRNLEN
+static size_t strnlen(const char *s, size_t maxlen) {
+        char *r = memchr(s, '\0', maxlen);
+        return r ? r-s : maxlen;
+}
+#endif
 /* {{{ normalize_varname
 */
@@ -590,7 +597,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
        /* Check if variable value is truncated by a \0 */
        
-        if (val && *val && val_len != strlen(*val)) {
+        if (val && *val && val_len != strnlen(*val, val_len)) {
        
                if (SUHOSIN_G(disallow_nul)) {
                        suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var);
author	Ben Fuhrmannek	2014-09-22 19:06:56 +0200
committer	Ben Fuhrmannek	2014-09-22 19:06:56 +0200
commit	8f2433d78347b2f1542e95652fa74d38346fb6ec (patch)
tree	e081aea8fde851adcf4e22ffd8c001b349dc6f8d
parent	3a569c100c5b5c359cda16e0ac311032450df02e (diff)