'Re: [PHP-DEV] Unserialize Bug'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-internals
Subject:    Re: [PHP-DEV] Unserialize Bug
From:       Christian Schneider <cschneid () cschneid ! com>
Date:       2005-05-18 10:33:55
Message-ID: 428B1A13.6070504 () cschneid ! com
[Download RAW message or body]

Derick Rethans wrote:
> On Tue, 17 May 2005, Timm Friebe wrote:
> 
>>Fix
>>===
>>Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
> 
> Do you have a patch? :)


Oops, and here a patch without the debug fprintf :-)

- Chris

["unserialize.patch.txt" (text/plain)]

Index: ext/standard/var_unserializer.c
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.c,v
retrieving revision 1.63
diff -u -r1.63 var_unserializer.c
--- ext/standard/var_unserializer.c	14 Apr 2005 22:38:29 -0000	1.63
+++ ext/standard/var_unserializer.c	18 May 2005 10:33:02 -0000
@@ -565,7 +565,7 @@
 		return 0;
 	}
 
-	len3 = strspn(class_name, \
"0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); +	len3 = \
strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\17 \
7\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\ \
225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\25 \
2\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\ \
300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\32 \
5\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\ \
353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
  if (len3 != len)
 	{
 		*p = YYCURSOR + len3 - len;
Index: ext/standard/var_unserializer.re
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.re,v
retrieving revision 1.49
diff -u -r1.49 var_unserializer.re
--- ext/standard/var_unserializer.re	10 Mar 2005 00:10:21 -0000	1.49
+++ ext/standard/var_unserializer.re	18 May 2005 10:33:03 -0000
@@ -544,7 +544,7 @@
 		return 0;
 	}
 
-	len3 = strspn(class_name, \
"0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); +	len3 = \
strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\17 \
7\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\ \
225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\25 \
2\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\ \
300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\32 \
5\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\ \
353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
  if (len3 != len)
 	{
 		*p = YYCURSOR + len3 - len;



-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic