archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

random: Validate that the arrays do not contain extra elements when unserializing (#9458)

Browse source 
* Apply `var_dump()` in 02_engine/all_serialize_error.phpt

This ensures that an undetected serialization error is clear identifiable in the output.

* random: Validate that the arrays do not contain extra elements when unserializing
This commit is contained in:
Tim Düsterhus 2022-09-05 17:33:36 +02:00 committed by GitHub
parent 15405c60da
commit ddf7a5d4d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
ext/random/engine_mt19937.c
View file

@ -203,6 +203,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
php_random_status_state_mt19937 *s = status->state; php_random_status_state_mt19937 *s = status->state;
zval *t; zval *t;
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(data) != (MT_N + 2)) {
return false;
}
for (uint32_t i = 0; i < MT_N; i++) { for (uint32_t i = 0; i < MT_N; i++) {
t = zend_hash_index_find(data, i); t = zend_hash_index_find(data, i);
if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint32_t))) { if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint32_t))) {
@ -358,6 +363,12 @@ PHP_METHOD(Random_Engine_Mt19937, __unserialize)
Z_PARAM_ARRAY_HT(d); Z_PARAM_ARRAY_HT(d);
ZEND_PARSE_PARAMETERS_END(); ZEND_PARSE_PARAMETERS_END();
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(d) != 2) {
zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(engine->std.ce->name));
RETURN_THROWS();
}
/* members */ /* members */
t = zend_hash_index_find(d, 0); t = zend_hash_index_find(d, 0);
if (!t || Z_TYPE_P(t) != IS_ARRAY) { if (!t || Z_TYPE_P(t) != IS_ARRAY) {

5
ext/random/engine_pcgoneseq128xslrr64.c
View file

@ -83,6 +83,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
uint64_t u[2]; uint64_t u[2];
zval *t; zval *t;
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(data) != 2) {
return false;
}
for (uint32_t i = 0; i < 2; i++) { for (uint32_t i = 0; i < 2; i++) {
t = zend_hash_index_find(data, i); t = zend_hash_index_find(data, i);
if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) { if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) {

5
ext/random/engine_xoshiro256starstar.c
View file

@ -131,6 +131,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
php_random_status_state_xoshiro256starstar *s = status->state; php_random_status_state_xoshiro256starstar *s = status->state;
zval *t; zval *t;
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(data) != 4) {
return false;
}
for (uint32_t i = 0; i < 4; i++) { for (uint32_t i = 0; i < 4; i++) {
t = zend_hash_index_find(data, i); t = zend_hash_index_find(data, i);
if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) { if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) {

6
ext/random/randomizer.c
View file

@ -272,6 +272,12 @@ PHP_METHOD(Random_Randomizer, __unserialize)
Z_PARAM_ARRAY_HT(d); Z_PARAM_ARRAY_HT(d);
ZEND_PARSE_PARAMETERS_END(); ZEND_PARSE_PARAMETERS_END();
/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
if (zend_hash_num_elements(d) != 1) {
zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);
RETURN_THROWS();
}
members_zv = zend_hash_index_find(d, 0); members_zv = zend_hash_index_find(d, 0);
if (!members_zv || Z_TYPE_P(members_zv) != IS_ARRAY) { if (!members_zv || Z_TYPE_P(members_zv) != IS_ARRAY) {
zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0); zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);

32
ext/random/tests/02_engine/all_serialize_error.phpt
View file

File diff suppressed because one or more lines are too long