Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89470
Return-Path: <jakub.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 49536 invoked from network); 27 Nov 2015 18:55:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Nov 2015 18:55:31 -0000
Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.50 as permitted sender)
X-PHP-List-Original-Sender: jakub.php@gmail.com
X-Host-Fingerprint: 209.85.213.50 mail-vk0-f50.google.com  
Received: from [209.85.213.50] ([209.85.213.50:34574] helo=mail-vk0-f50.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0F/E9-04444-227A8565 for <internals@lists.php.net>; Fri, 27 Nov 2015 13:55:30 -0500
Received: by vkbs1 with SMTP id s1so72989735vkb.1
        for <internals@lists.php.net>; Fri, 27 Nov 2015 10:55:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date:message-id:subject
         :from:to:cc:content-type;
        bh=peIptMf/K/IoKQPz5q1liPZIC06im28PO4MaUIjp2n8=;
        b=TeUtVptu8KJQaUyxVu5FlRTTVIZ+xP62wfY7Z6AQvE+ehTRKZcj2mkAFCwLvwUNpo4
         +thfMMeBYDXki84S7PYQJ3oN4tgpP3yg1UZyTJNec2ANfpQ7wQ1y+jZ0vzdl8p5XbLI+
         bOBsq6eQ3VaQnAzLkKShaDPTp1iEHV0bNSlgoewuuhr8NjamW8oPl4JHm41LkvJSWVHI
         wb71VO/OGukuW3r4DabmhlhEKCedZR15KmDClgABX7FcJb0ZUN0t1wy5gjA4Jl1+o24H
         tNeHJC02SULlF3joHRNzIMYN93uaLYN61jJP6DsKuh/H4Rr3g5su5n5ULxl7P7l7EgiE
         cZKA==
MIME-Version: 1.0
X-Received: by 10.31.141.142 with SMTP id p136mr43550440vkd.61.1448650528142;
 Fri, 27 Nov 2015 10:55:28 -0800 (PST)
Sender: jakub.php@gmail.com
Received: by 10.31.153.132 with HTTP; Fri, 27 Nov 2015 10:55:28 -0800 (PST)
In-Reply-To: <CAF+90c_pVFVbzqThuPg1V3VDTV-7Ci4O6T6hNtY5XPgVb2Mt-Q@mail.gmail.com>
References: <CAF+90c_pVFVbzqThuPg1V3VDTV-7Ci4O6T6hNtY5XPgVb2Mt-Q@mail.gmail.com>
Date: Fri, 27 Nov 2015 18:55:28 +0000
X-Google-Sender-Auth: WsZw9zV8Rk7fnyF0ZiVw1ArxD2M
Message-ID: <CAEKnhAGR4g2pAtoiwbfg77AnxbDGLyqX2m_PPXrGEPgPrE055g@mail.gmail.com>
To: Nikita Popov <nikita.ppv@gmail.com>
Cc: PHP internals <internals@lists.php.net>, Anatol Belski <anatol.php@belski.net>, 
	Remi Collet <remi@php.net>
Content-Type: multipart/alternative; boundary=001a11425816223c7f05258a3ca9
Subject: Re: [PHP-DEV] HashDos protection
From: bukka@php.net (Jakub Zelenka)

--001a11425816223c7f05258a3ca9
Content-Type: text/plain; charset=UTF-8

Hi,

On Thu, Nov 26, 2015 at 5:24 PM, Nikita Popov <nikita.ppv@gmail.com> wrote:
>
>
> What are your thoughts on this?
>
>
First of all, thanks a lot for looking into it! That's great!

I think that it's all cool except the fact that json_decode would result in
fatal error.  I don't think that json_decode should kill the script in this
case. It's much better to return NULL and set a new JSON_ERROR_...

We could maybe add some EG var to silence it when using json_decode and set
it back when finished. In that case when the collision limit is exceeded it
would set another EG that could be checked in the json_parser.y as
UNEXPECTED  after each addition to the object or array. It's not probably
nicest solution and it would probably slow down slightly the json parser
but it could work and it's still better than fatal error IMHO.

What do you think?

Cheers

Jakub

--001a11425816223c7f05258a3ca9--