authorStanislav Malyshev <stas@php.net>2015-04-05 17:30:59 -0700
committerStanislav Malyshev <stas@php.net>2015-04-11 16:53:22 -0700
commita894a8155fab068d68a04bf181dbaddfa01ccbb0 (patch)
tree0e1727890ce41a0ad60b8d9fdb5bebc7908e0ba0 /ext
parent4435b9142ff9813845d5c97ab29a5d637bedb257 (diff)
More fixes for bug #69152
Diffstat (limited to 'ext')
-rw-r--r--ext/standard/tests/serialize/bug69152.phpt16
1 files changed, 16 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug69152.phpt b/ext/standard/tests/serialize/bug69152.phpt
new file mode 100644
index 0000000000..4e741685cc
--- /dev/null
+++ b/ext/standard/tests/serialize/bug69152.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #69152: Type Confusion Infoleak Vulnerability in unserialize()
+--FILE--
+<?php
+$x = unserialize('O:9:"exception":1:{s:16:"'."\0".'Exception'."\0".'trace";s:4:"ryat";}');
+echo $x;
+$x = unserialize('O:4:"test":1:{s:27:"__PHP_Incomplete_Class_Name";R:1;}');
+$x->test();
+
+?>
+--EXPECTF--
+exception 'Exception' in %s:%d
+Stack trace:
+#0 {main}
+
+Fatal error: main(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "unknown" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in %s on line %d
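Review bot: The two payloads in the --FILE-- section have no comment saying which type confusion each one exercises, so a reader has to decode the serialized strings by hand. I would add `// private Exception::trace deserialized as a string instead of an array` above the first unserialize() call and `// __PHP_Incomplete_Class_Name deserialized as a reference (R:1) instead of a string` above the second. The expected output uses %d for line numbers, so the extra lines do not disturb it. Since `$x->test();` ends the script with a fatal error, any later regression case has to go before it or in its own .phpt, which is worth a one-line comment too. The test pins the safe behaviour only for the `trace` property and the incomplete-class name; whether other Exception properties are covered elsewhere cannot be told from this page.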