Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16273
Return-Path: <cschneid@cschneid.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 59695 invoked by uid 1010); 18 May 2005 10:46:35 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 39751 invoked from network); 18 May 2005 10:32:06 -0000
Received: from unknown (HELO cschneid.com) (127.0.0.1)
  by localhost with SMTP; 18 May 2005 10:32:06 -0000
X-Host-Fingerprint: 195.141.85.117 uf1.search.ch Linux 2.4/2.6
Received: from ([195.141.85.117:52417] helo=verksam.search.ch)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id DC/55-01538-5A91B824 for <internals@lists.php.net>; Wed, 18 May 2005 06:32:05 -0400
Received: from localhost (localhost [127.0.0.1])
	by verksam.search.ch (Postfix) with ESMTP id 411E6188AAE;
	Wed, 18 May 2005 12:32:01 +0200 (CEST)
Received: from unknown by localhost (amavisd-new, unix socket)
	id client-XXjZEJD7; Wed, 18 May 2005 12:32:00 +0200 (CEST)
Received: by verksam.search.ch (Postfix, from userid 65534)
	id 68FB2188AA9; Wed, 18 May 2005 12:32:00 +0200 (CEST)
Received: from [192.168.1.72] (ultrafilter-i [192.168.85.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by verksam.search.ch (Postfix) with ESMTP id 45285188AA2;
	Wed, 18 May 2005 12:31:57 +0200 (CEST)
Message-ID: <428B199C.70309@cschneid.com>
Date: Wed, 18 May 2005 12:31:56 +0200
User-Agent: Mozilla Thunderbird 1.0 (X11/20041207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Derick Rethans <derick@php.net>
Cc: Timm Friebe <thekid@thekid.de>, internals@lists.php.net
References: <0MKxQS-1DY6lv0INh-0003YJ@mrelayeu.kundenserver.de> <Pine.LNX.4.62.0505171510000.2832@localhost>
In-Reply-To: <Pine.LNX.4.62.0505171510000.2832@localhost>
Content-Type: multipart/mixed;
	boundary="------------010807030204090604090600"
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on verksam.search.ch
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=3.0.2
X-Virus-Scanned: by amavisd-new at search.ch
Subject: Re: [PHP-DEV] Unserialize Bug
From: cschneid@cschneid.com (Christian Schneider)

--------------010807030204090604090600
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Derick Rethans wrote:
> On Tue, 17 May 2005, Timm Friebe wrote:
> 
>>Fix
>>===
>>Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
> 
> Do you have a patch? :)

I attached a patch for ext/standard/var_unserializer.{c,re}

- Chris

--------------010807030204090604090600
Content-Type: text/plain;
 name="unserialize.patch.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="unserialize.patch.txt"

Index: ext/standard/var_unserializer.c
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.c,v
retrieving revision 1.63
diff -u -r1.63 var_unserializer.c
--- ext/standard/var_unserializer.c	14 Apr 2005 22:38:29 -0000	1.63
+++ ext/standard/var_unserializer.c	18 May 2005 10:30:11 -0000
@@ -565,9 +565,10 @@
 		return 0;
 	}
 
-	len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+	len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
 	if (len3 != len)
 	{
+fprintf(stderr, ">>XXX %d, %d\n", len3, len);
 		*p = YYCURSOR + len3 - len;
 		return 0;
 	}
Index: ext/standard/var_unserializer.re
===================================================================
RCS file: /repository/php-src/ext/standard/var_unserializer.re,v
retrieving revision 1.49
diff -u -r1.49 var_unserializer.re
--- ext/standard/var_unserializer.re	10 Mar 2005 00:10:21 -0000	1.49
+++ ext/standard/var_unserializer.re	18 May 2005 10:30:11 -0000
@@ -544,7 +544,7 @@
 		return 0;
 	}
 
-	len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+	len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377");
 	if (len3 != len)
 	{
 		*p = YYCURSOR + len3 - len;

--------------010807030204090604090600--