Sebastian Mendel wrote:
Marc Delisle wrote:
Ok, if you want to commit to trunk, I'll test here. Then we'll probably release 2.10.0.2.
I have committed to trunk
Now, what do we do with http://sourceforge.net/tracker/index.php?func=detail&aid=1647030&gro...
they want security fixes published as patches. It's more work for us, but I can understand distro maintainers.
I have created this patch and attached it to the bug report
Sebastian,
this part of the patch: /** + * protect against deep recursion attack CVE-2006-1549, + * 1000 seems to be more than enough + * + * @see http://www.php-security.org/MOPB/MOPB-02-2007.html + * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549 + */ +if (count($GLOBALS) > 1000) { + die('possible deep recurse attack'); +}
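Review bot: the guard `count($GLOBALS) > 1000` counts entries in the global symbol table, not call-stack depth, so it cannot by itself detect the deep-recursion condition of MOPB-02-2007 / CVE-2006-1549 that the doc-comment cites; it only fires when more than 1000 variables have been placed in global scope (register_globals or an extract() of large request data would do that), which is consistent with the check never being reached in the MOPB-02 test. Either reword the comment to state the condition it actually guards (a flooded global scope) or move the limit to where the recursion happens and count depth there. Minor: the die() text misspells "recursion" as "recurse", and a plain die() here returns HTTP 200 with a bare string, so consider a proper error response.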
is not reached when I test the attack of MOPB-02, it's the other part that protects for this attack.
Do you know in which case this code would trigger? In the case of an attempt to override $GLOBALS?
Marc
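To make the question in the last message concrete, here is an added PHP example (not part of the phpMyAdmin patch or of this thread) showing what `count($GLOBALS)` actually measures: it stays constant through recursion and only grows when variables are imported into global scope, whereas bounding recursion needs an explicit depth counter. The function names, the 1100-entry array and the 200-level nested array are constructed for the demonstration.

```php
<?php
// Added example: what a count($GLOBALS) guard measures, beside an explicit
// recursion-depth guard. Not code from the phpMyAdmin patch under discussion.

// The guard from the patch, wrapped in a (hypothetical) function.
function globals_guard(int $limit = 1000): bool
{
    // $GLOBALS holds every variable in the global scope; its size has
    // nothing to do with how deep the call stack currently is.
    return count($GLOBALS) > $limit;
}

// A recursive function that records count($GLOBALS) at every level.
function recurse(int $depth, array &$seen): void
{
    $seen[] = count($GLOBALS);
    if ($depth > 0) {
        recurse($depth - 1, $seen);
    }
}

$seen = [];
recurse(50, $seen);
// Every recorded value is identical: recursion does not grow $GLOBALS.
printf("count(\$GLOBALS) during 50-level recursion: %s\n",
       implode(',', array_unique($seen)));

// What does grow $GLOBALS: importing a large array into global scope,
// as extract() of request data would. $big is constructed here.
$big = [];
for ($i = 0; $i < 1100; $i++) {
    $big["v$i"] = $i;
}
extract($big);   // each key becomes a global variable
printf("after extract(): count(\$GLOBALS) = %d, guard fires: %s\n",
       count($GLOBALS), globals_guard() ? 'yes' : 'no');

// An explicit depth limit is what actually bounds recursion.
class RecursionLimitExceeded extends RuntimeException {}

// Counts nested arrays, refusing input deeper than $limit (hypothetical walker).
function walk(array $node, int $depth = 0, int $limit = 100): int
{
    if ($depth > $limit) {
        throw new RecursionLimitExceeded("depth $depth exceeds limit $limit");
    }
    $count = 1;
    foreach ($node as $child) {
        if (is_array($child)) {
            $count += walk($child, $depth + 1, $limit);
        }
    }
    return $count;
}

// Constructed input: an array nested 200 levels deep.
$nested = [];
for ($i = 0; $i < 200; $i++) {
    $nested = [$nested];
}
try {
    walk($nested);
} catch (RecursionLimitExceeded $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run with `php example.php`: the first line prints a single repeated number, the second shows the guard firing only after `extract()` has pushed more than 1000 variables into global scope, and the third shows the depth-limited walker rejecting the 200-level input at depth 101.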