Diffstat (limited to 'ext/wddx/tests/bug70741.phpt')
-rw-r--r-- | ext/wddx/tests/bug70741.phpt | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/ext/wddx/tests/bug70741.phpt b/ext/wddx/tests/bug70741.phpt
new file mode 100644
index 0000000000..9c7e09b48b
--- /dev/null
+++ b/ext/wddx/tests/bug70741.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability)
+--SKIPIF--
+<?php
+if (!extension_loaded("wddx")) print "skip";
+?>
+--FILE--
+<?php
+ini_set('session.serialize_handler', 'wddx');
+session_start();
+
+$hashtable = str_repeat('A', 66);
+$wddx = "<?xml version='1.0'?>
+<wddxPacket version='1.0'>
+<header/>
+ <data>
+ <string>$hashtable</string>
+ </data>
+</wddxPacket>";
+session_decode($wddx);
+?>
+DONE
+--EXPECTF--
+
+Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
+DONE
\ No newline at end of file |
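Review bot: The `--SKIPIF--` section checks only for wddx, but the `--FILE--` section calls `session_start()` and `session_decode()`, so on a build without the session extension this regression test would fail instead of skipping; add `if (!extension_loaded("session")) print "skip session extension not available";`. A short comment above `$wddx` would also help, along the lines of `// top-level <data> value is a <string>, not the struct the session handler presumably expects; decoding must fail cleanly`, because the variable name `$hashtable` alone does not say what is being guarded. Consider wrapping the call as `var_dump(session_decode($wddx));` and adding the result to `--EXPECTF--`, so the test pins the rejection itself and not only the warning text.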