Merge pull request #254 from pmmaga/fix-key-validation

Fix object key validation

Author: andreiz

Diff for: php_memcached.c

@@ -57,6 +57,11 @@
 #define JSON_PARSER_DEFAULT_DEPTH 512
 #endif
 
+/****************************************
+  Protocol parameters
+****************************************/
+#define MEMC_OBJECT_KEY_MAX_LENGTH 250
+
 /****************************************
   Custom options
 ****************************************/
@@ -576,7 +581,7 @@ static void php_memc_get_impl(INTERNAL_FUNCTION_PARAMETERS, zend_bool by_key)
 	MEMC_METHOD_FETCH_OBJECT;
 	i_obj->rescode = MEMCACHED_SUCCESS;
 
-	if (key_len == 0 || strchr(key, ' ')) {
+	if (key_len == 0 || key_len > MEMC_OBJECT_KEY_MAX_LENGTH || strchr(key, ' ') || strchr(key, '\n')) {
 		i_obj->rescode = MEMCACHED_BAD_KEY_PROVIDED;
 		RETURN_FROM_GET;
 	}
@@ -1448,7 +1453,7 @@ static void php_memc_store_impl(INTERNAL_FUNCTION_PARAMETERS, int op, zend_bool
 	MEMC_METHOD_FETCH_OBJECT;
 	i_obj->rescode = MEMCACHED_SUCCESS;
 
-	if (key_len == 0 || strchr(key, ' ')) {
+	if (key_len == 0 || key_len > MEMC_OBJECT_KEY_MAX_LENGTH || strchr(key, ' ') || strchr(key, '\n')) {
 		i_obj->rescode = MEMCACHED_BAD_KEY_PROVIDED;
 		RETURN_FALSE;
 	}
@@ -1599,7 +1604,7 @@ static void php_memc_cas_impl(INTERNAL_FUNCTION_PARAMETERS, zend_bool by_key)
 	MEMC_METHOD_FETCH_OBJECT;
 	i_obj->rescode = MEMCACHED_SUCCESS;
 
-	if (key_len == 0 || strchr(key, ' ')) {
+	if (key_len == 0 || key_len > MEMC_OBJECT_KEY_MAX_LENGTH || strchr(key, ' ') || strchr(key, '\n')) {
 		i_obj->rescode = MEMCACHED_BAD_KEY_PROVIDED;
 		RETURN_FALSE;
 	}
@@ -1717,7 +1722,7 @@ static void php_memc_delete_impl(INTERNAL_FUNCTION_PARAMETERS, zend_bool by_key)
 	MEMC_METHOD_FETCH_OBJECT;
 	i_obj->rescode = MEMCACHED_SUCCESS;
 
-	if (key_len == 0 || strchr(key, ' ')) {
+	if (key_len == 0 || key_len > MEMC_OBJECT_KEY_MAX_LENGTH || strchr(key, ' ') || strchr(key, '\n')) {
 		i_obj->rescode = MEMCACHED_BAD_KEY_PROVIDED;
 		RETURN_FALSE;
 	}
@@ -1817,7 +1822,7 @@ static void php_memc_incdec_impl(INTERNAL_FUNCTION_PARAMETERS, zend_bool by_key,
 	MEMC_METHOD_FETCH_OBJECT;
 	i_obj->rescode = MEMCACHED_SUCCESS;
 
-	if (key_len == 0 || strchr(key, ' ')) {
+	if (key_len == 0 || key_len > MEMC_OBJECT_KEY_MAX_LENGTH || strchr(key, ' ') || strchr(key, '\n')) {
 		i_obj->rescode = MEMCACHED_BAD_KEY_PROVIDED;
 		RETURN_FALSE;
 	}

Diff for: tests/keys.phpt

@@ -15,9 +15,18 @@ $ascii = memc_get_instance ();
 var_dump ($binary->set ('binary key with spaces', 'this is a test'));
 var_dump ($binary->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
 
+var_dump ($binary->set ('binarykeywithnewline' . PHP_EOL, 'this is a test'));
+var_dump ($binary->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
+
 var_dump ($ascii->set ('ascii key with spaces', 'this is a test'));
 var_dump ($ascii->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
 
+var_dump ($binary->set ('asciikeywithnewline' . PHP_EOL, 'this is a test'));
+var_dump ($binary->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
+
+var_dump ($ascii->set (''/*empty key*/, 'this is a test'));
+var_dump ($ascii->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
+
 var_dump ($ascii->set (str_repeat ('1234567890', 512), 'this is a test'));
 var_dump ($ascii->getResultCode () == Memcached::RES_BAD_KEY_PROVIDED);
 
@@ -30,4 +39,10 @@ bool(false)
 bool(true)
 bool(false)
 bool(true)
+bool(false)
+bool(true)
+bool(false)
+bool(true)
+bool(false)
+bool(true)
 OK