summaryrefslogtreecommitdiff
path: root/ifilter.c
diff options
context:
space:
mode:
Diffstat (limited to 'ifilter.c')
-rw-r--r--ifilter.c77
1 files changed, 42 insertions, 35 deletions
diff --git a/ifilter.c b/ifilter.c
index 42f5d9b..d73106b 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -502,49 +502,56 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
502 502
503 /* Find out array depth */ 503 /* Find out array depth */
504 while (index) { 504 while (index) {
505 char *index_end;
505 unsigned int index_length; 506 unsigned int index_length;
506 507
508 /* overjump '[' */
509 index++;
510
511 /* increase array depth */
507 depth++; 512 depth++;
508 index = strchr(index+1, '['); 513
514 index_end = strchr(index, ']');
515 if (index_end == NULL) {
516 index_end = index+strlen(index);
517 }
509 518
510 if (prev_index) { 519 index_length = index_end - index;
511 index_length = index ? index - 1 - prev_index - 1: strlen(prev_index);
512 520
513 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { 521 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
514 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var); 522 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
515 if (!SUHOSIN_G(simulation)) { 523 if (!SUHOSIN_G(simulation)) {
516 return 0; 524 return 0;
517 }
518 }
519 switch (arg) {
520 case PARSE_GET:
521 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) {
522 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var);
523 if (!SUHOSIN_G(simulation)) {
524 return 0;
525 }
526 }
527 break;
528 case PARSE_COOKIE:
529 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) {
530 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var);
531 if (!SUHOSIN_G(simulation)) {
532 return 0;
533 }
534 }
535 break;
536 case PARSE_POST:
537 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
538 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
539 if (!SUHOSIN_G(simulation)) {
540 return 0;
541 }
542 }
543 break;
544 } 525 }
545 prev_index = index; 526 }
527 switch (arg) {
528 case PARSE_GET:
529 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) {
530 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var);
531 if (!SUHOSIN_G(simulation)) {
532 return 0;
533 }
534 }
535 break;
536 case PARSE_COOKIE:
537 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) {
538 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var);
539 if (!SUHOSIN_G(simulation)) {
540 return 0;
541 }
542 }
543 break;
544 case PARSE_POST:
545 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
546 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
547 if (!SUHOSIN_G(simulation)) {
548 return 0;
549 }
550 }
551 break;
546 } 552 }
547 553
554 index = strchr(index, '[');
548 } 555 }
549 556
550 /* Drop this variable if it exceeds the array depth limit */ 557 /* Drop this variable if it exceeds the array depth limit */