Fix suhosin.get/post/cookie.max_totalname_length filter

author: Stefan Esser 2014-02-16 12:04:31 +0100
committer: Stefan Esser 2014-02-16 12:04:31 +0100
commit: fb48d9f8eae679d5a79fd488bdac6a90e61a923a (patch)
tree: 9707637a306221c38d8d82b737cf4354a4b8d850
parent: 04f02a230d40c2d86b9d477a7810de24b15a7590 (diff)
2 files changed, 4 insertions, 3 deletions
diff --git a/Changelog b/Changelog
index 5fd728d..9bc62e9 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,7 @@
    - Added some test cases for various things
    - Added suhosin.log.stdout to log to stdout (for debugging purposes only)
    - Add ini_set() fail mode to suhosin.disable.display_errors
+    - Fix suhosin.get/post/cookie.max_totalname_length filter
    - TODO: WARN THAT FUNCTION WHITELISTS/BLACKLISTS NEVER WORKED CORRECTLY WITH PHP < 5.5
 2012-02-12 - 0.9.34
diff --git a/ifilter.c b/ifilter.c
index d231bc5..42f5d9b 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -463,7 +463,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                                        return 0;
                                }
                        }
-                        if (SUHOSIN_G(max_get_totalname_length) && SUHOSIN_G(max_get_totalname_length) < var_len) {
+                        if (SUHOSIN_G(max_get_totalname_length) && SUHOSIN_G(max_get_totalname_length) < total_len) {
                                suhosin_log(S_VARS, "configured GET variable total name length limit exceeded - dropped variable '%s'", var);
                                if (!SUHOSIN_G(simulation)) {
                                        return 0;
@@ -477,7 +477,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                                        return 0;
                                }
                        }
-                        if (SUHOSIN_G(max_cookie_totalname_length) && SUHOSIN_G(max_cookie_totalname_length) < var_len) {
+                        if (SUHOSIN_G(max_cookie_totalname_length) && SUHOSIN_G(max_cookie_totalname_length) < total_len) {
                                suhosin_log(S_VARS, "configured COOKIE variable total name length limit exceeded - dropped variable '%s'", var);
                                if (!SUHOSIN_G(simulation)) {
                                        return 0;
@@ -491,7 +491,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                                        return 0;
                                }
                        }
-                        if (SUHOSIN_G(max_post_totalname_length) && SUHOSIN_G(max_post_totalname_length) < var_len) {
+                        if (SUHOSIN_G(max_post_totalname_length) && SUHOSIN_G(max_post_totalname_length) < total_len) {
                                suhosin_log(S_VARS, "configured POST variable total name length limit exceeded - dropped variable '%s'", var);
                                if (!SUHOSIN_G(simulation)) {
                                        return 0;
author	Stefan Esser	2014-02-16 12:04:31 +0100
committer	Stefan Esser	2014-02-16 12:04:31 +0100
commit	fb48d9f8eae679d5a79fd488bdac6a90e61a923a (patch)
tree	9707637a306221c38d8d82b737cf4354a4b8d850
parent	04f02a230d40c2d86b9d477a7810de24b15a7590 (diff)