Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96098 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 62993 invoked from network); 22 Sep 2016 19:13:39 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Sep 2016 19:13:39 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.221 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.221 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.221] ([81.169.146.221:43479] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F1/50-59356-F5D24E75 for ; Thu, 22 Sep 2016 15:13:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1474571611; l=3361; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=SkOXDHebmfyYDUVc29T5ggrI/MEp26kiWJ8uWb5NAa0=; b=bIFBtgZVdZ+LFTBI8HZ+Ja3HR05gFAIg1RGM+aIGYxbcRI6OMZYaJ9afvmwQ9D15LXL bA/Egz7Ga0LWqzt0lDi6hi0Wzx9eT9Bt5hcABmePPSKq5VqXXNovgHqi9pENLhW44Ok8b ep07BxBpaC+nb+OopNXoOIUvQb9lL1Ny/pM= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtO3Y6 X-RZG-CLASS-ID: mo00 Received: from mail-wm0-f45.google.com ([74.125.82.45]) by smtp.strato.de (RZmta 39.3 AUTH) with ESMTPSA id q0899es8MJDV1gF (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Thu, 22 Sep 2016 21:13:31 +0200 (CEST) Received: by mail-wm0-f45.google.com with SMTP id l132so165278673wmf.1 for ; Thu, 22 Sep 2016 12:13:31 -0700 (PDT) X-Gm-Message-State: AA6/9RlT4IUtlL7FsDM0h/ohf+5zzWddzdivm/ru5GWGRdVJv9vA5ky6NiIhMf80PZS85sJbkRriIOoNejQaaA== X-Received: by 10.194.51.138 with SMTP id k10mr3413661wjo.126.1474571611424; Thu, 22 Sep 2016 12:13:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.125.132 with HTTP; Thu, 22 Sep 2016 12:13:30 -0700 (PDT) In-Reply-To: References: <9522ebc9-8d8b-045e-b701-02f1166063e6@gmail.com> <40868951-8BDA-4860-884C-B8252C1839E3@gmail.com> <9ce33625-2737-9933-7dd1-4f7930bccfac@gmail.com> <9b0fcfa7-f4f8-bac3-5e1e-7e974f217a94@gmail.com> <5acaa405-8b76-ce00-1380-614f2f83b549@gmail.com> Date: Thu, 22 Sep 2016 21:13:30 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Jakub Zelenka Cc: Rowan Collins , PHP internals list Content-Type: multipart/alternative; boundary=bcaec50b5194185bfe053d1d75ef Subject: Re: [PHP-DEV] HashDoS From: me@kelunik.com (Niklas Keller) --bcaec50b5194185bfe053d1d75ef Content-Type: text/plain; charset=UTF-8 2016-09-22 20:10 GMT+02:00 Jakub Zelenka : > On Thu, Sep 22, 2016 at 10:54 AM, Rowan Collins > wrote: > > > On 22/09/2016 10:48, Jakub Zelenka wrote: > > > >> > >> Nope the point of the Bob's patch is to use graceful handling with > >> exception that can be easily checked by the json parser for example! See > >> https://github.com/php/php-src/pull/1706 > >> > > > > Ah, I stand corrected, I hadn't seen that version referenced before. > > > > Am I right in thinking that the idea here is that if the context is > > exception-safe it can opt in to a more graceful handling mechanism? And > > that if not, it will go ahead and bail out as in Niki's patch? > > > > > Yeah it introduces new functions for updating hash which is used by json > for updating array and it's also in std object handler which is used when > updating json object. For some other bits like updating array, it will stay > with fatal. The thing is that json parser can then easily check if there > was an exception and if so, it will set JSON_ERROR_DEPTH and clear it. It > seems much better though. But why JSON_ERROR_DEPTH and not a new constant? Regards, Niklas --bcaec50b5194185bfe053d1d75ef--