php-src/ext/spl
Tim Düsterhus f2e8c5da90
unserialize: Strictly check for :{ at object start (#10214)
* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.

* Fix test expectation in gmp/tests/bug74670.phpt

No changes to the input required, because the test actually is intended to
verify the behavior for a missing `}`; it's just that the report position changed.

* NEWS

* UPGRADING
2023-01-12 19:55:54 +01:00
tests unserialize: Strictly check for :{ at object start (#10214) 2023-01-12 19:55:54 +01:00
config.m4 Refactor SplFixedArray (#7168) 2021-06-18 15:22:52 +01:00
config.w32 Refactor SplFixedArray (#7168) 2021-06-18 15:22:52 +01:00
CREDITS
php_spl.c Merge branch 'PHP-8.1' into PHP-8.2 2022-12-02 12:48:41 +00:00
php_spl.h Use ZEND_TLS for spl (#7043) 2021-05-26 09:36:23 +02:00
php_spl.stub.php Fix rc info of iterator_to_array (#9080) 2022-07-21 15:05:34 +02:00
php_spl_arginfo.h Fix rc info of iterator_to_array (#9080) 2022-07-21 15:05:34 +02:00
spl_array.c Revert "Fix compilation on MacOS" 2022-09-14 11:28:06 +02:00
spl_array.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_array.stub.php Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_array_arginfo.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_directory.c Merge branch 'PHP-8.1' into PHP-8.2 2022-11-22 12:26:03 +00:00
spl_directory.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_directory.stub.php Merge branch 'PHP-8.1' into PHP-8.2 2022-11-22 12:26:03 +00:00
spl_directory_arginfo.h Merge branch 'PHP-8.1' into PHP-8.2 2022-11-22 12:26:03 +00:00
spl_dllist.c Revert "Fix compilation on MacOS" 2022-09-14 11:28:06 +02:00
spl_dllist.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_dllist.stub.php Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_dllist_arginfo.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_engine.h Refactor SplFixedArray (#7168) 2021-06-18 15:22:52 +01:00
spl_exceptions.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
spl_exceptions.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
spl_exceptions.stub.php Generate ext/spl class entries from stubs 2021-02-18 13:01:51 +01:00
spl_exceptions_arginfo.h Generate ext/spl class entries from stubs 2021-02-18 13:01:51 +01:00
spl_fixedarray.c Fix serialization of empty SplFixedArray 2022-09-15 22:36:19 +02:00
spl_fixedarray.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
spl_fixedarray.stub.php Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354) 2022-08-30 07:46:32 -04:00
spl_fixedarray_arginfo.h Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354) 2022-08-30 07:46:32 -04:00
spl_functions.c SPL: minor refactoring (#8341) 2022-04-13 20:34:23 +01:00
spl_functions.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_heap.c Revert "Fix compilation on MacOS" 2022-09-14 11:28:06 +02:00
spl_heap.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_heap.stub.php Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_heap_arginfo.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_iterators.c Revert "Port all internally used classes to use default_object_handlers" 2022-09-14 11:13:23 +02:00
spl_iterators.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_iterators.stub.php Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_iterators_arginfo.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_observer.c Revert "Port all internally used classes to use default_object_handlers" 2022-09-14 11:13:23 +02:00
spl_observer.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_observer.stub.php Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00
spl_observer_arginfo.h Declare ext/spl constants in stubs (#9226) 2022-08-02 16:37:12 +02:00