From 12a25f6c31c88188024af0caeda341229e78ba77 Mon Sep 17 00:00:00 2001
From: Ori Livneh <ori@wikimedia.org>
Date: Thu, 10 Mar 2016 13:45:59 -0800
Subject: [PATCH] SECURITY: Enforce an upper limit of 100,000 bytes on command lines in
 wfShellExec()

Change-Id: If7b133aa4e361592b14ee350d042b0c8e185c97d
---
 includes/GlobalFunctions.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 3fa91fa700..cfaf538b08 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2478,6 +2478,14 @@ function wfShellExec( $cmd, &$retval = null, $environ = [],
 	}
 	wfDebug( "wfShellExec: $cmd\n" );
 
+	// Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
+	// Other platforms may be more accomodating, but we don't want to be
+	// accomodating, because very long commands probably include user
+	// input.
+	if ( strlen( $cmd ) > 100000 ) {
+		throw new Exception( __METHOD__ . '(): total length of $cmd must not exceed 100000' );
+	}
+
 	$desc = [
 		0 => [ 'file', 'php://stdin', 'r' ],
 		1 => [ 'pipe', 'w' ],
-- 
2.7.2