Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:103885
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 33462 invoked from network); 30 Jan 2019 12:47:57 -0000
Received: from unknown (HELO mail-io1-f43.google.com) (209.85.166.43)
  by pb1.pair.com with SMTP; 30 Jan 2019 12:47:57 -0000
Received: by mail-io1-f43.google.com with SMTP id k2so18798913iog.7
        for <internals@lists.php.net>; Wed, 30 Jan 2019 01:27:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=FIiiWA0SNswc3ChXAaYnJ7J2VYUZ4gya6B63WjG0JkQ=;
        b=XglQU5HJIqqpX0A3dHKRfcoPo2iIu4vK4m4PQOeXfPylAMrPaU0ttGrPuddAvVsSPP
         whnLFHJlI/7DGS+QRgFr0bjIuDNyoRK97vzpuAAxNPH+o0glQCMt3sNuBKB7qt86Trkd
         J88Ijdsu0lIpZJ+niTNMdDF74HK+hPTxZUbaogQ+uC1+neThqPMVcx+be80VEngcIKxY
         XZOPPJiUnlCe9UiKN66adCE2qCe3jE72AQouPWkToT9dYCXOsCKG7e0SB5CsBuXxMUBO
         f7qBuChfBUnr8bnm6PI8UOFax3ZbuYc/NisTCmmFl9VyTK1zpEREwWYJiCcdGTRUgCMt
         DhZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=FIiiWA0SNswc3ChXAaYnJ7J2VYUZ4gya6B63WjG0JkQ=;
        b=dxCWoNitepGg0EKC1UeilUTqeovbcZf3KljtVWGal1G/rZi31eI1VoeJFTL1qb8DmW
         GxsZBd8GPEeblvmeoPf1Hz8Hi/nRa3X75X8x2cYzVDURIfsqYPFHcgrlK0ZKY+BRo0kT
         tZf/SRE6TcgHXD408wvqRO7K4Xgwsmp+ITkIHOkoE9eiHu/RVR9sm59xL4c3M/DF/NfE
         765b45HTH6LX/LRqlRVTVoN3XMqSyMHIc5TY4BnfOWuPB4Ypv6Za6PVtZ6rb5cVJc/KZ
         +LrSjo57eh2c9kCzhs6JYNN5VEkc+CCK8VMYzfc/Vb6DNpkB5yCtOLkZ7NMThA5chocl
         7KPw==
X-Gm-Message-State: AHQUAuZKZb74gALoLfzh7EBEfL7cfXAT2gsyh6m3QvNWMMjo9W7XlCjm
	hDGwitEWTMHGo8Vl85aTbLBBRw3vw/YYl+zNoik=
X-Google-Smtp-Source: AHgI3IZhBPXLxClTN2JsXEW5SRyl+a3F47BXTBYfN5NkyjtRrQPvOnm5lvHqcYsNfs6K0qx8bvKBATs0SPyeuMpBbCA=
X-Received: by 2002:a5d:834e:: with SMTP id q14mr17295115ior.258.1548840452623;
 Wed, 30 Jan 2019 01:27:32 -0800 (PST)
MIME-Version: 1.0
References: <CAF+90c-GfwWSJ+LUUYrb6gpZRrwP=XX=hWFD9DL-3xQhBOgp+A@mail.gmail.com>
 <CAOWwgpm3Ne74swRBhvEXO=rqps_GrAYMKbQzKxzjNHSttkekFA@mail.gmail.com>
In-Reply-To: <CAOWwgpm3Ne74swRBhvEXO=rqps_GrAYMKbQzKxzjNHSttkekFA@mail.gmail.com>
Date: Wed, 30 Jan 2019 10:27:14 +0100
Message-ID: <CAF+90c_GT2fw7ryburDNFMBOmSTxxyfjEFWFCdMdZaapoNxUug@mail.gmail.com>
To: Nicolas Grekas <nicolas.grekas+php@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000fe11860580a984a1"
Subject: Re: [RFC] New custom object serialization mechanism
From: nikita.ppv@gmail.com (Nikita Popov)

--000000000000fe11860580a984a1
Content-Type: text/plain; charset="UTF-8"

On Wed, Jan 30, 2019 at 10:20 AM Nicolas Grekas <
nicolas.grekas+php@gmail.com> wrote:

> Hi Nikita,
>
> https://wiki.php.net/rfc/custom_object_serialization
>>
>
> In the RFC, you mention that "Executing arbitrary code in the middle of
> unserialization is dangerous and has led to numerous unserialize()
> vulnerabilities in the past. For this reason __wakeup() calls are now
> delayed until the end of unserialization."
>
> How about destructors?
> Some vulnerabilities come from destructors doing things with unserialized
> state.
> Would it be possible/a good idea to *not* call any destructors unless the
> "wakeup" stage has been successful? Any exceptions thrown during
> __wakeup/__unserialize would mean the unserialized data structure should be
> destroyed without calling any destructors?
> WDYT?
>

This is already how it works. If a class has __wakeup and unserialization
fails (or call of __wakeup fails), then we will not call the destructor.
(The same would be true for __unserialize under this proposal.)

Nikita

--000000000000fe11860580a984a1--