diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-22 18:07:46 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-22 18:09:49 +0100 |
commit | 89a4c172e24d7eb2be7f272a6075634a14f1d791 (patch) | |
tree | 1fa31590502fe401e6625e097192a145686912f9 | |
parent | 0daebf9a016065dcdea7f5b1cc55516231e532be (diff) | |
download | php-git-89a4c172e24d7eb2be7f272a6075634a14f1d791.tar.gz |
Remove the "o" serialization format
We never generate the "o" format during serialization, so let's not
keep this unnecessary attack surface around.
-rw-r--r-- | UPGRADING | 4 | ||||
-rw-r--r-- | ext/standard/var_unserializer.re | 11 |
2 files changed, 4 insertions, 11 deletions
@@ -75,6 +75,10 @@ PHP 7.4 UPGRADE NOTES passed. Previously this would generate a recoverable fatal error on the next extraction operation. +- Standard: + . The "o" serialization format has been removed. As it is never produced by + PHP, this may only break unserialization of manually crafted strings. + ======================================== 2. New Features ======================================== diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 8dad71450e..5193a0ab41 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -948,17 +948,6 @@ use_double: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -"o:" uiv ":" ["] { - zend_long elements; - if (!var_hash) return 0; - - elements = object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR); - if (elements < 0 || elements >= HT_MAX_SIZE) { - return 0; - } - return object_common2(UNSERIALIZE_PASSTHRU, elements); -} - object ":" uiv ":" ["] { size_t len, len2, len3, maxlen; zend_long elements; |