Skip to content

Commit

Permalink
Add an upper bound to the POST data SecurityComponent will consider.
Browse files Browse the repository at this point in the history 
'Kurita Takashi' has let us know that the previous patterns could be
abused by an evil doer. One could potentially send a very large deeply
nested POST data structure. Matching that structure could overflow the
PCRE limits causing a segmentation fault. Adding an upper bound will
solve the problem and I doubt anyone is doing POST data structures with
more than 10 levels of nesting.
  • Loading branch information
@markstory
markstory committed Jul 4, 2014
1 parent 765be87 commit 1988e89
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/Cake/Controller/Component/SecurityComponent.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -470,8 +470,8 @@ protected function _validatePost(Controller $controller) {
$multi = array();

foreach ($fieldList as $i => $key) {
if (preg_match('/(\.\d+)+$/', $key)) {
$multi[$i] = preg_replace('/(\.\d+)+$/', '', $key);
if (preg_match('/(\.\d{1,10})+$/', $key)) {
$multi[$i] = preg_replace('/(\.\d{1,10})+$/', '', $key);
unset($fieldList[$i]);
}
}
Expand Down

3 comments on commit 1988e89

@chinpei215
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/(.\d{1,10})+$/ limits number of digits.
/(.\d+){1,10}$/ is right.

@markstory
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, I will get that fixed.

@markstory
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in b3dfad6

Please sign in to comment.