diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-02-03 22:52:20 +0100 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-02-03 22:52:20 +0100 |
| commit | f8d795820e780a6322e054c26c581570613c14f0 (patch) | |
| tree | 99d3ae01ce564752807341c5743863b4c92513f8 /ext/standard/tests/serialize/bug70172.phpt | |
| parent | d2cb200e10ada6fa44c54a29292bb4665728fff0 (diff) | |
| download | php-git-f8d795820e780a6322e054c26c581570613c14f0.tar.gz | |
Reindent phpt files
Diffstat (limited to 'ext/standard/tests/serialize/bug70172.phpt')
| -rw-r--r-- | ext/standard/tests/serialize/bug70172.phpt | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/ext/standard/tests/serialize/bug70172.phpt b/ext/standard/tests/serialize/bug70172.phpt index a2359d6434..18bc2fe85d 100644 --- a/ext/standard/tests/serialize/bug70172.phpt +++ b/ext/standard/tests/serialize/bug70172.phpt @@ -3,13 +3,13 @@ Bug #70172 - Use After Free Vulnerability in unserialize() --FILE-- <?php class obj implements Serializable { - var $data; - function serialize() { - return serialize($this->data); - } - function unserialize($data) { - $this->data = unserialize($data); - } + var $data; + function serialize() { + return serialize($this->data); + } + function unserialize($data) { + $this->data = unserialize($data); + } } $fakezval = ptr2str(1122334455); @@ -25,19 +25,19 @@ $exploit = 'a:2:{i:0;i:1;i:1;C:3:"obj":'.strlen($inner).':{'.$inner.'}}'; $data = unserialize($exploit); for ($i = 0; $i < 5; $i++) { - $v[$i] = $fakezval.$i; + $v[$i] = $fakezval.$i; } var_dump($data); function ptr2str($ptr) { - $out = ''; - for ($i = 0; $i < 8; $i++) { - $out .= chr($ptr & 0xff); - $ptr >>= 8; - } - return $out; + $out = ''; + for ($i = 0; $i < 8; $i++) { + $out .= chr($ptr & 0xff); + $ptr >>= 8; + } + return $out; } ?> --EXPECTF-- |