Error when max_filter_count is set and exceeded

Read the maximum number of filters from context stream. If it is set, it
doesn't make sense to raise a deprecation warning, because this stream
context option didn't exist earlier. We raise an error consistent with
current stream handling, as long as rfc/stream_errors has not landed.

If it is not set, we give a deprecation warning when the 17th filter is
added. This is unfortunately done in another place; to prevent showing
warnings multiple times, the counting is done within the loop and not at
the end.

Author: Sjoerd Langkemper

ext/standard/php_fopen_wrapper.c

@@ -144,30 +144,54 @@ static const php_stream_ops php_stream_input_ops = {
 	NULL  /* set_option */
 };
 
-static const int max_stream_filters = 16;
+static const int max_filter_count_default = 16;
+
+static int php_get_max_filter_count(php_stream_context *context) {
+	if (context != NULL) {
+        zval *option_val = php_stream_context_get_option(context, "filter", "max_filter_count");
+        if (option_val) {
+            zend_long custom_limit = zval_get_long(option_val);
+            if (custom_limit >= 0) {
+                return (int)custom_limit;
+            }
+        }
+    }
+	return -1;
+}
+
+static bool php_stream_has_too_many_filters(php_stream *stream, php_stream_context *context) {
+	int max_filter_count = php_get_max_filter_count(context);
+	if (max_filter_count == -1) {
+		// If not explicitly configured we don't throw an error yet.
+		return false;
+	}
 
-static void php_stream_apply_filter_list(php_stream *stream, char *filterlist, int read_chain, int write_chain) /* {{{ */
+	int count = MAX(php_stream_filter_count(&stream->readfilters), php_stream_filter_count(&stream->writefilters));
+	return count > max_filter_count;
+}
+
+static void php_stream_apply_filter_list(php_stream *stream, char *filterlist, int read_chain, int write_chain, bool warn_filter_count) /* {{{ */
 {
 	char *p, *token = NULL;
 	php_stream_filter *temp_filter;
 
 	p = php_strtok_r(filterlist, "|", &token);
 	while (p) {
+		int count = read_chain ? php_stream_filter_count(&stream->readfilters) : write_chain ? php_stream_filter_count(&stream->writefilters) : 0;
+		if (warn_filter_count && count == max_filter_count_default) {
+			zend_error(E_DEPRECATED, "Using more than %d filters in a php://filter URL is deprecated, "
+				"set this limit using the stream context option max_filter_count, or use stream_filter_append", max_filter_count_default);
+		}
+
 		php_url_decode(p, strlen(p));
 		if (read_chain) {
-			if (php_stream_filter_count(&stream->readfilters) == max_stream_filters) {
-				zend_error(E_DEPRECATED, "Using more than %d filters in a php://filter URL is deprecated, use stream_filter_append to chain more than %d filters", max_stream_filters, max_stream_filters);
-			}
 			if ((temp_filter = php_stream_filter_create(p, NULL, php_stream_is_persistent(stream)))) {
 				php_stream_filter_append(&stream->readfilters, temp_filter);
 			} else {
 				php_error_docref(NULL, E_WARNING, "Unable to create filter (%s)", p);
 			}
 		}
 		if (write_chain) {
-			if (php_stream_filter_count(&stream->writefilters) == max_stream_filters) {
-				zend_error(E_DEPRECATED, "Using more than %d filters in a php://filter URL is deprecated, use stream_filter_append to chain more than %d filters", max_stream_filters, max_stream_filters);
-			}
 			if ((temp_filter = php_stream_filter_create(p, NULL, php_stream_is_persistent(stream)))) {
 				php_stream_filter_append(&stream->writefilters, temp_filter);
 			} else {
@@ -363,16 +387,18 @@ static php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, const c
 			return NULL;
 		}
 
+		bool max_filter_count_not_set = php_get_max_filter_count(context) == -1;
+
 		*p = '\0';
 
 		p = php_strtok_r(pathdup + 1, "/", &token);
 		while (p) {
 			if (!strncasecmp(p, "read=", 5)) {
-				php_stream_apply_filter_list(stream, p + 5, 1, 0);
+				php_stream_apply_filter_list(stream, p + 5, 1, 0, max_filter_count_not_set);
 			} else if (!strncasecmp(p, "write=", 6)) {
-				php_stream_apply_filter_list(stream, p + 6, 0, 1);
+				php_stream_apply_filter_list(stream, p + 6, 0, 1, max_filter_count_not_set);
 			} else {
-				php_stream_apply_filter_list(stream, p, mode_rw & PHP_STREAM_FILTER_READ, mode_rw & PHP_STREAM_FILTER_WRITE);
+				php_stream_apply_filter_list(stream, p, mode_rw & PHP_STREAM_FILTER_READ, mode_rw & PHP_STREAM_FILTER_WRITE, max_filter_count_not_set);
 			}
 			p = php_strtok_r(NULL, "/", &token);
 		}
@@ -383,6 +409,12 @@ static php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, const c
 			return NULL;
 		}
 
+		if (php_stream_has_too_many_filters(stream, context)) {
+			php_stream_wrapper_log_error(wrapper, options, "too many filters");
+			php_stream_close(stream);
+			return NULL;
+		}
+
 		return stream;
 	} else {
 		/* invalid php://thingy */

ext/standard/tests/filters/max_filter_chain.phpt

@@ -33,6 +33,18 @@ foreach ($blocked_include as $chain) {
     var_dump(include $chain);
 }
 
+$ctx = stream_context_create(['filter' => ['max_filter_count' => 2]]);
+$blocked_read = createFilterChains(3, 'data:text/plain,three');
+foreach ($blocked_read as $chain) {
+    var_dump(file_get_contents($chain, false, $ctx));
+}
+
+$ctx = stream_context_create(['filter' => ['max_filter_count' => 20]]);
+$allowed_read = createFilterChains(19, 'data:text/plain,nineteen');
+foreach ($allowed_read as $chain) {
+    var_dump(file_get_contents($chain, false, $ctx));
+}
+
 // Test that the warning is only given once, even when we add two filters over the limit.
 $blocked_read = createFilterChains(18, 'data:text/plain,eighteen');
 foreach ($blocked_read as $chain) {
@@ -56,30 +68,42 @@ int(1)
 int(1)
 int(1)
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(9) "SEVENTEEN"
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(9) "SEVENTEEN"
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(9) "SEVENTEEN"
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 int(1)
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 int(1)
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 int(1)
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Warning: file_get_contents(php://filter/string.toupper|string.toupper|string.toupper/resource=data:text/plain,three): Failed to open stream: too many filters in %s on line %d
+bool(false)
+
+Warning: file_get_contents(php://filter/string.toupper/string.toupper/string.toupper/resource=data:text/plain,three): Failed to open stream: too many filters in %s on line %d
+bool(false)
+
+Warning: file_get_contents(php://filter/string.toupper/resource=php://filter/string.toupper/resource=php://filter/string.toupper/resource=data:text/plain,three): Failed to open stream: too many filters in %s on line %d
+bool(false)
+string(8) "NINETEEN"
+string(8) "NINETEEN"
+string(8) "NINETEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(8) "EIGHTEEN"
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(8) "EIGHTEEN"
 
-Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, set this limit using the stream context option max_filter_count, or use stream_filter_append in %smax_filter_chain.php on line %d
 string(8) "EIGHTEEN"
 string(20) "STREAM_FILTER_APPEND"