when value properties that start with a null byte are set or retrieve…

…d (this happens when the user relies on specific Zend features) we now block such access because we do not want the user to be exposed to the peculiarities of the Zend engine
CopernicaMarketingSoftware · Aug 26, 2014 · cb68082 · cb68082
1 parent f526c4c
commit cb68082
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/zend/value.cpp b/zend/value.cpp
@@ -1871,7 +1871,7 @@ Value Value::get(int index) const
  */
 Value Value::get(const char *key, int size) const
 {
-    // must be an array
+    // must be an array or object
     if (!isArray() && !isObject()) return Value();
 
     // calculate size
@@ -1891,6 +1891,9 @@ Value Value::get(const char *key, int size) const
     }
     else
     {
+        // key should not start with a null byte
+        if (size > 0 && key[0] == 0) return Value();
+
         // we need the tsrm_ls variable
         TSRMLS_FETCH();
 
@@ -1957,6 +1960,9 @@ void Value::set(int index, const Value &value)
  */
 void Value::setRaw(const char *key, int size, const Value &value)
 {
+    // does not work for empty keys
+    if (!key || (size > 0 && key[0] == 0)) return;
+
     // is this an object?
     if (isObject())
     {
@@ -1968,7 +1974,7 @@ void Value::setRaw(const char *key, int size, const Value &value)
 
         // retrieve the class entry
         auto *entry = zend_get_class_entry(_val TSRMLS_CC);
-
+        
         // update the property (cast necessary for php 5.3)
         zend_update_property(entry, _val, (char *)key, size, value._val TSRMLS_CC);
     }