From 8f2433d78347b2f1542e95652fa74d38346fb6ec Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Mon, 22 Sep 2014 19:06:56 +0200
Subject: disallow_nul does not assume the input value to be nul terminated anymore
---
 ifilter.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ifilter.c b/ifilter.c
index dfe7c6b..48b62c7 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -34,6 +34,13 @@
 static void (*orig_register_server_variables)(zval *track_vars_array TSRMLS_DC) = NULL;
+#if !HAVE_STRNLEN
+static size_t strnlen(const char *s, size_t maxlen) {
+ char *r = memchr(s, '\0', maxlen);
+ return r ? r-s : maxlen;
+}
+#endif
+
 /* {{{ normalize_varname */
@@ -590,7 +597,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
 /* Check if variable value is truncated by a \0 */
- if (val && *val && val_len != strlen(*val)) {
+ if (val && *val && val_len != strnlen(*val, val_len)) {
 if (SUHOSIN_G(disallow_nul)) {
 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var);
-- cgit v1.3
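Review bot: The fallback in the first hunk takes the libc name `strnlen`, and the diffstat shows only ifilter.c changing, so `HAVE_STRNLEN` has to come from a config header this patch does not touch; if that macro is ever left undefined on a platform whose `<string.h>` declares `strnlen`, the static definition would presumably conflict with the libc prototype. A private name such as `suhosin_strnlen`, used at the call site, would not depend on the configure check. Separately, `memchr` is handed a `const char *`, so the result is better held as `const char *r = memchr(s, '\0', maxlen);`, and a short comment such as `/* bounded strlen: never reads past s[maxlen-1] */` would record why the helper exists.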
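Review bot: The comment above the changed condition in the second hunk still says only "truncated by a \0", while the new code relies on `*val` being a length-delimited buffer that may lack a terminator; I would extend it to something like `/* value is val_len bytes and need not be NUL-terminated: look for an embedded \0 within that length only */`. The comparison is now equivalent to asking whether a NUL occurs in the first `val_len` bytes, so `memchr(*val, '\0', val_len) != NULL` would state that directly and need no `strnlen` fallback. The hunk header truncates the parameter list and suhosin_input_filter's body starts and ends outside the hunk, so whether other length-unbounded string calls on `*val` remain in the function cannot be checked from here.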