From c5ca57c3202c35f58d90693693a36f3498061003 Mon Sep 17 00:00:00 2001 From: Darian Anthony Patrick Date: Mon, 25 Apr 2016 10:55:39 -0700 Subject: [PATCH] Enforce upper limit on invocations of wfShellExec() Enforce an upper limit of 100,000 bytes on commands executed via wfShellExec() to avoid HHVM crash resulting from process spawned with argument exceeding MAX_ARG_STRLEN, as defined in binfmts.h Bug: T129506 --- includes/Defines.php | 6 ++++++ includes/GlobalFunctions.php | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/includes/Defines.php b/includes/Defines.php index c9263da..2b36935 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -309,3 +309,9 @@ define( 'CONTENT_FORMAT_JSON', 'application/json' ); // for future use with the api, and for use by extensions define( 'CONTENT_FORMAT_XML', 'application/xml' ); /**@}*/ + +/**@{ + * Max string length for shell invocations; based on binfmts.h + */ +define( 'SHELL_MAX_ARG_STRLEN', '100000'); +/**@}*/ diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index e717c12..fba6216 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2801,6 +2801,14 @@ function wfShellExec( $cmd, &$retval = null, $environ = array(), } wfDebug( "wfShellExec: $cmd\n" ); + // Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN. + // Other platforms may be more accomodating, but we don't want to be + // accomodating, because very long commands probably include user + // input. See T129506. + if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) { + throw new Exception( __METHOD__ . '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' ); + } + $desc = array( 0 => array( 'file', 'php://stdin', 'r' ), 1 => array( 'pipe', 'w' ), -- 2.5.4 (Apple Git-61)