@@ -231,14 +231,21 @@ zend_bool s_memc_valid_key_binary(zend_string *key)
231231}
232232
233233static
234- zend_bool s_memc_valid_key_ascii (zend_string * key )
234+ zend_bool s_memc_valid_key_ascii (zend_string * key , uint64_t verify_key )
235235{
236236 const char * str = ZSTR_VAL (key );
237237 size_t i , len = ZSTR_LEN (key );
238238
239- for (i = 0 ; i < len ; i ++ ) {
240- if (!isgraph (str [i ]) || isspace (str [i ]))
241- return 0 ;
239+ if (verify_key ) {
240+ for (i = 0 ; i < len ; i ++ ) {
241+ if (!isgraph (str [i ]) || isspace (str [i ]))
242+ return 0 ;
243+ }
244+ } else { /* if key verification is disabled, only check for spaces to avoid injection issues */
245+ for (i = 0 ; i < len ; i ++ ) {
246+ if (isspace (str [i ]))
247+ return 0 ;
248+ }
242249 }
243250 return 1 ;
244251}
@@ -248,7 +255,7 @@ zend_bool s_memc_valid_key_ascii(zend_string *key)
248255 ZSTR_LEN(key) > MEMC_OBJECT_KEY_MAX_LENGTH || \
249256 (memcached_behavior_get(intern->memc, MEMCACHED_BEHAVIOR_BINARY_PROTOCOL) \
250257 ? !s_memc_valid_key_binary(key) \
251- : ( memcached_behavior_get(intern->memc, MEMCACHED_BEHAVIOR_VERIFY_KEY) && !s_memc_valid_key_ascii(key )) \
258+ : !s_memc_valid_key_ascii(key, memcached_behavior_get(intern->memc, MEMCACHED_BEHAVIOR_VERIFY_KEY)) \
252259 ))) { \
253260 intern->rescode = MEMCACHED_BAD_KEY_PROVIDED; \
254261 RETURN_FALSE; \
@@ -342,7 +349,7 @@ PHP_INI_MH(OnUpdateSessionPrefixString)
342349 php_error_docref (NULL , E_WARNING , "memcached.sess_prefix too long (max: %d)" , MEMCACHED_MAX_KEY - 1 );
343350 return FAILURE ;
344351 }
345- if (!s_memc_valid_key_ascii (new_value )) {
352+ if (!s_memc_valid_key_ascii (new_value , 1 )) {
346353 php_error_docref (NULL , E_WARNING , "memcached.sess_prefix cannot contain whitespace or control characters" );
347354 return FAILURE ;
348355 }
0 commit comments