archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

random: Validate that the arrays do not contain extra elements when unserializing (#9458)

Browse source 
* Apply `var_dump()` in 02_engine/all_serialize_error.phpt

This ensures that an undetected serialization error is clear identifiable in the output.

* random: Validate that the arrays do not contain extra elements when unserializing
This commit is contained in:
Tim Düsterhus 2022-09-05 17:33:36 +02:00 committed by GitHub
parent 15405c60da
commit ddf7a5d4d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ext/random/randomizer.c
View file

@ -272,6 +272,12 @@ PHP_METHOD(Random_Randomizer, __unserialize)
Z_PARAM_ARRAY_HT(d);
ZEND_PARSE_PARAMETERS_END();
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(d) != 1) {
zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);
RETURN_THROWS();
}
members_zv = zend_hash_index_find(d, 0);
if (!members_zv || Z_TYPE_P(members_zv) != IS_ARRAY) {
zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);