Newsgroups: php.internals
Date: Mon, 9 Jan 2012 17:50:32 +0100
To: Stefan Esser
Cc: Nikita Popov, PHP internals
Subject: Re: [PHP-DEV] 5.3.9, Hash DoS, release
From: pierre.php@gmail.com (Pierre Joye)

On Mon, Jan 9, 2012 at 5:34 PM, Stefan Esser wrote:

> Of course I am biased, because suhosin is one of the affected extensions. But that said suhosin has a limit similar to max_input_vars for 7 years now.

Not really the same, but yes. While the reasons you did it were not the same. Also the length check is not related or cannot be used for this fix.

But nice self promotion ;-)

--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org