
Add an upper bound to the POST data SecurityComponent will consider.

'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
markstory committed Jul 4, 2014
1 parent 765be87 commit 1988e89e7382ba830c0172f399887595714c5b18
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/Cake/Controller/Component/SecurityComponent.php
@@ -470,8 +470,8 @@ protected function _validatePost(Controller $controller) {
$multi = array();
foreach ($fieldList as $i => $key) {
if (preg_match('/(\.\d+)+$/', $key)) {
$multi[$i] = preg_replace('/(\.\d+)+$/', '', $key);
if (preg_match('/(\.\d{1,10})+$/', $key)) {
$multi[$i] = preg_replace('/(\.\d{1,10})+$/', '', $key);
unset($fieldList[$i]);
}
}
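Review bot: In both new patterns (the `preg_match` and the `preg_replace`), `{1,10}` sits inside the group, so it caps each numeric segment at 10 digits while the outer `+` still lets the group repeat without limit; the nesting depth that the commit message sets out to bound is unchanged. Move the quantifier onto the group, for example `/(\.\d+){1,10}$/`, in both calls. As written, a key whose trailing index has more than 10 digits also stops matching and is no longer added to `$multi`, which looks unintended. Since the same pattern appears twice, holding it in one variable would keep the two calls from drifting apart.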

3 comments on commit 1988e89

@chinpei215

chinpei215 replied Jul 6, 2014

/(.\d{1,10})+$/ limits number of digits.
/(.\d+){1,10}$/ is right.

@markstory

markstory replied Jul 6, 2014

Good catch, I will get that fixed.

@markstory

markstory replied Jul 6, 2014

Fixed in b3dfad6
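
The difference between the two patterns discussed in the comments above, as an added example (not part of the commit or the CakePHP code base). The field names are constructed, and `sampleKey()` and `segmentsConsumed()` are hypothetical helpers. It shows that the committed pattern still consumes every level of a 50-level key, while the proposed one stops at ten.

```php
<?php
// Added example: compares the pattern committed in 1988e89 with the one
// proposed in the review comment. All field names are constructed samples.

$committed = '/(\.\d{1,10})+$/'; // bounds digits per segment, not segment count
$proposed  = '/(\.\d+){1,10}$/'; // bounds segment count, not digits per segment

/**
 * Build a constructed field name such as "Post.0.0.0" with $depth numeric
 * segments, each $digits characters long. (Hypothetical helper.)
 */
function sampleKey($depth, $digits = 1) {
    return 'Post' . str_repeat('.' . str_repeat('0', $digits), $depth);
}

/**
 * Return how many trailing numeric segments $pattern consumes from $key,
 * or 0 when the pattern does not match at all. (Hypothetical helper.)
 */
function segmentsConsumed($pattern, $key) {
    if (!preg_match($pattern, $key, $m)) {
        return 0;
    }
    // Each consumed segment starts with exactly one dot.
    return substr_count($m[0], '.');
}

$samples = array(
    'shallow (3 levels)' => sampleKey(3),
    'deep (50 levels)'   => sampleKey(50),
    'one 11-digit index' => sampleKey(1, 11),
);

foreach ($samples as $label => $key) {
    printf(
        "%-20s committed=%2d proposed=%2d\n",
        $label,
        segmentsConsumed($committed, $key),
        segmentsConsumed($proposed, $key)
    );
}
```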
