Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96097
Return-Path: <jakub.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 57960 invoked from network); 22 Sep 2016 18:10:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Sep 2016 18:10:34 -0000
Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.178 as permitted sender)
X-PHP-List-Original-Sender: jakub.php@gmail.com
X-Host-Fingerprint: 209.85.217.178 mail-ua0-f178.google.com  
Received: from [209.85.217.178] ([209.85.217.178:34031] helo=mail-ua0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 5F/E6-01233-69E14E75 for <internals@lists.php.net>; Thu, 22 Sep 2016 14:10:31 -0400
Received: by mail-ua0-f178.google.com with SMTP id q42so6270281uaq.1
        for <internals@lists.php.net>; Thu, 22 Sep 2016 11:10:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=sf03eKyTGbPMF0IYn8sOJ6O3djsVZXRBRR9U0XOs5EQ=;
        b=pjEnk4kSMyHoyXsJnQHIJOqNDyMBv/XYXzvWI5WCrTT5otPzhRwCcaea48AiC1xtPR
         y1+M8pgG3wO95+eVUrutUxQ3imFl1nd6pnhlm9i93A95UCVuRfgCu2WuQZ58K64EL498
         VSFGIUSBZvs9ZWuGK+6vcmQdp3/2ywrqqMxRKSU+RyMhkR3aVgd4WaM0RDB+RLiOwHPg
         pP2kF9cNz0YX8GT4NlOqwfkirrtUP/BmA5cWnV7EZCQxlouSn2RL/tWmp3WChczQ6DdZ
         geKpI6rBW6PEUf72zFa1aqSZdXYSRjk09bc4KK4g+S81CQ36rdPjCZ+EOe0D/uUjhn1r
         QalQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=sf03eKyTGbPMF0IYn8sOJ6O3djsVZXRBRR9U0XOs5EQ=;
        b=l5i+asXsVwmOFVHEwmvLZXD//OaIP+nZQSiAcin5lR/zL8AcyujETiE6rkj5iyc9r5
         HjUchk7WirDnqXviid7dt0a9g16rtZwZMqW9b9RWiNwNSjHMjmNdCLRMBlCh1qlxasi6
         aEHOAdK5kXpkwurwu+1LhRIJxRTsSdsoTqOYUz6/PL8DuwnU3CKUMbjaTS5wELEprCoi
         hNitbxCrA91J6LCXE//Dnfq7asa2qPKVWEPco9ekqQim8CFbktmq5XLfu/09FeFt1L5g
         QzRYiLVcCbnVL62qihf/uPB1nNdSxkFIwga2Ys3BNeVUMEtu6t7IAtVO0qt9qpo1snXZ
         p/0Q==
X-Gm-Message-State: AE9vXwN00DflUkukwTagpjTeljTZoqafOK/feRg+TNcjyDQ2ScWagj4PO/I9850DbdY9HBNnR1foxmMUNkarOg==
X-Received: by 10.176.2.13 with SMTP id 13mr838957uas.13.1474567827007; Thu,
 22 Sep 2016 11:10:27 -0700 (PDT)
MIME-Version: 1.0
Sender: jakub.php@gmail.com
Received: by 10.31.174.151 with HTTP; Thu, 22 Sep 2016 11:10:26 -0700 (PDT)
In-Reply-To: <5acaa405-8b76-ce00-1380-614f2f83b549@gmail.com>
References: <CAKws9z2EWkNNhM7tOMh-_pQ3iLjVj7hbXTB1Hh3a19utPzj-9A@mail.gmail.com>
 <ffc669b5-8764-3879-0c5a-d047d75c9b45@gmail.com> <CAGa2bXYad=5CNKUR4GTR-uB8L1Gb-2CJk5Fiperz5D_CTL+rxw@mail.gmail.com>
 <9522ebc9-8d8b-045e-b701-02f1166063e6@gmail.com> <CAGa2bXYNZwKrT=Ei8r1DghGjqOGiMUVPEGY31wYK9Hpt+C9XMQ@mail.gmail.com>
 <CANUQDCjcnFdPyG133z6g0DdRLZjUG=+BRhcv4Es9Z+WeoU-Prg@mail.gmail.com>
 <CAFGtT7Zd3+iRuaJtwpML3hO6Kbdu7YtnNOE14zvA78E=QiNprg@mail.gmail.com>
 <40868951-8BDA-4860-884C-B8252C1839E3@gmail.com> <d2080444-9a17-b3db-89fa-c383155a5756@thefsb.org>
 <CAF+90c-uFg9A2f1SVYTNgjQuFX5PkenrtXd8kf37cYoG0EfgEw@mail.gmail.com>
 <edeb9734-a3d4-bd96-f57c-fa1687473e1b@gmail.com> <CAF+90c9HTpxtY8zeKoOfjdQXTkrVQSw8fb9Ws0-Qs_xmJtttZw@mail.gmail.com>
 <9ce33625-2737-9933-7dd1-4f7930bccfac@gmail.com> <CAEKnhAGg829gi7uEBimZqdd-cTvAn4a1HmjDfEoYeLO93_L2wQ@mail.gmail.com>
 <9b0fcfa7-f4f8-bac3-5e1e-7e974f217a94@gmail.com> <CAEKnhAF9XGsLqHU5H9aKDA=jWA5iD1ou8UwOX0=OpAC8tnzXdQ@mail.gmail.com>
 <5acaa405-8b76-ce00-1380-614f2f83b549@gmail.com>
Date: Thu, 22 Sep 2016 19:10:26 +0100
X-Google-Sender-Auth: abnuQnYOXcXkDr26AvpmHD3G7aE
Message-ID: <CAEKnhAG50eG4RQSRjoZGFkSF_as1DZN5OrBWadyQG-chHDuVhw@mail.gmail.com>
To: Rowan Collins <rowan.collins@gmail.com>
Cc: PHP internals list <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113e011e86bd2d053d1c93c5
Subject: Re: [PHP-DEV] HashDoS
From: bukka@php.net (Jakub Zelenka)

--001a113e011e86bd2d053d1c93c5
Content-Type: text/plain; charset=UTF-8

On Thu, Sep 22, 2016 at 10:54 AM, Rowan Collins <rowan.collins@gmail.com>
wrote:

> On 22/09/2016 10:48, Jakub Zelenka wrote:
>
>>
>> Nope the point of the Bob's patch is to use graceful handling with
>> exception that can be easily checked by the json parser for example! See
>> https://github.com/php/php-src/pull/1706
>>
>
> Ah, I stand corrected, I hadn't seen that version referenced before.
>
> Am I right in thinking that the idea here is that if the context is
> exception-safe it can opt in to a more graceful handling mechanism? And
> that if not, it will go ahead and bail out as in Niki's patch?
>
>
Yeah it introduces new functions for updating hash which is used by json
for updating array and it's also in std object handler which is used when
updating json object. For some other bits like updating array, it will stay
with fatal. The thing is that json parser can then easily check if there
was an exception and if so, it will set JSON_ERROR_DEPTH and clear it. It
seems much better though.

Cheers

Jakub

--001a113e011e86bd2d053d1c93c5--