Again, I decided to download the patch and apply it manually, because it's very small and it only affects 1 file, libraries/common.lib.php. Find this function: function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) and then change its content to:
/**
 * calls $function for every element in $array recursively
 *
 * this function is protected against deep recursion attack CVE-2006-1549,
 * 1000 seems to be more than enough
 *
 * @see http://www.php-security.org/MOPB/MOPB-02-2007.html
 * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
 *
 */
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{
    // nesting depth of the current call, shared across the recursive calls
    static $recursive_counter = 0;
    if (++$recursive_counter > 1000) {
        die('possible deep recursion attack');
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            // descend into the nested array
            PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
        } else {
            $array[$key] = $function($value);
        }
        if ($apply_to_keys_also && is_string($key)) {
            // apply $function to the key as well and move the value if it changed
            $new_key = $function($key);
            if ($new_key != $key) {
                $array[$new_key] = $array[$key];
                unset($array[$key]);
            }
        }
    }
    // leaving this level: decrement so the counter tracks depth, not total calls
    $recursive_counter--;
}
Don't forget to change the version in Config.class.php to 2.10.0.2, and you're done with phpMyAdmin. It now reflects the latest version.
In my opinion, it's not completely PHP's fault. We as developers should also give this kind of protection to our applications, because resources are limited and we should try not to exceed that limit. This kind of attack affects not only phpMyAdmin but also other applications that use a recursive array function like the one phpMyAdmin had, so better check your application now before it's too late.
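One way to apply that check before any recursive function touches request data, as an added example (not code from the original post or from phpMyAdmin): an iterative depth test with an explicit stack, so the check itself cannot exhaust the call stack. The function names are hypothetical and the sample arrays are constructed; the limit of 1000 is the one used in the patch above.

```php
<?php
// Added example; function names are hypothetical, not phpMyAdmin's.

/**
 * Returns true if $input is nested more than $limit levels deep.
 * Uses an explicit stack instead of recursion, so hostile input
 * cannot exhaust the call stack during the check itself.
 */
function input_depth_exceeds(array $input, int $limit): bool
{
    $stack = [[$input, 1]];            // pairs of [array, depth of that array]
    while ($stack) {
        [$node, $depth] = array_pop($stack);
        if ($depth > $limit) {
            return true;               // stop at the first branch that is too deep
        }
        foreach ($node as $value) {
            if (is_array($value)) {
                $stack[] = [$value, $depth + 1];
            }
        }
    }
    return false;
}

/** Throws if any of the given input arrays is nested too deeply. */
function assert_shallow_input(array $sources, int $limit): void
{
    foreach ($sources as $name => $source) {
        if (input_depth_exceeds($source, $limit)) {
            throw new RuntimeException("$name is nested too deeply");
        }
    }
}

// Constructed sample data: a wide but shallow array, and a 1500-level one.
$wide = ['ids' => range(1, 5000)];
$deep = ['leaf'];
for ($i = 0; $i < 1500; $i++) {
    $deep = [$deep];
}

var_dump(input_depth_exceeds($wide, 1000));
var_dump(input_depth_exceeds($deep, 1000));

try {
    // In an application, pass ['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE].
    assert_shallow_input(['GET' => $wide, 'POST' => $deep], 1000);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The wide array has 5000 elements but only two levels, so it passes; a guard that counted calls or elements instead of depth would reject it.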