List: php-internals
Subject: Re: [PHP-DEV] Unserialize Bug
From: Christian Schneider <cschneid () cschneid ! com>
Date: 2005-05-18 10:33:55
Message-ID: 428B1A13.6070504 () cschneid ! com
Derick Rethans wrote:
> On Tue, 17 May 2005, Timm Friebe wrote:
>
>>Fix
>>===
>>Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
>
> Do you have a patch? :)
Oops, and here a patch without the debug fprintf :-)
- Chris
["unserialize.patch.txt" (text/plain)]
Index: ext/standard/var_unserializer.c
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.c,v
retrieving revision 1.63
diff -u -r1.63 var_unserializer.c
--- ext/standard/var_unserializer.c 14 Apr 2005 22:38:29 -0000 1.63
+++ ext/standard/var_unserializer.c 18 May 2005 10:33:02 -0000
@@ -565,7 +565,7 @@
return 0;
}
- len3 = strspn(class_name, \
"0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); + len3 = \
strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\17 \
7\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\ \
225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\25 \
2\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\ \
300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\32 \
5\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\ \
353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
if (len3 != len)
{
*p = YYCURSOR + len3 - len;
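Review bot: The widened strspn() set is still applied to every position of class_name alike, so a name that begins with a digit passes this check, while the rule quoted for the fix, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*, excludes 0-9 from the first character. If the goal is to accept exactly what the parser accepts, test class_name[0] separately against the set without digits before the strspn() call and take the len3 != len path when that test fails.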
Index: ext/standard/var_unserializer.re
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.re,v
retrieving revision 1.49
diff -u -r1.49 var_unserializer.re
--- ext/standard/var_unserializer.re 10 Mar 2005 00:10:21 -0000 1.49
+++ ext/standard/var_unserializer.re 18 May 2005 10:33:03 -0000
@@ -544,7 +544,7 @@
return 0;
}
- len3 = strspn(class_name, \
"0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); + len3 = \
strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\17 \
7\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\ \
225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\25 \
2\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\ \
300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\32 \
5\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\ \
353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
if (len3 != len)
{
*p = YYCURSOR + len3 - len;
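Review bot: The accept set in the new strspn() line is a literal run of 129 octal escapes (\177 through \377), and it now appears twice, here and in var_unserializer.c, so a single dropped or mistyped escape in either copy would be very hard to spot. Consider defining the string once as a named macro with a comment giving the byte range it covers, or replacing the literal with a per-byte range test (ASCII letter, digit, underscore, or value >= 0x7f). If var_unserializer.c is generated from this .re file, regenerating it from the patched source would also avoid maintaining the two copies by hand.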
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php