snuffleupagus/src/sp_unserialize.c, branch master

snuffleupagus/src/sp_unserialize.c, branch master Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! http://git.dustri.org/snuffleupagus/atom?h=master 2026-03-28T20:00:13Z Fix the usage of strlen() which will return a wrong size when serialized objects contains null bytes (for example in private fields) 2026-03-28T20:00:13Z W0rty 2026-03-27T21:15:59Z urn:sha1:6d7addeb44744dcf0f36d2aac34be5e12de23c5d fix(unserialize): don't bail in simulation mode when there's no HMAC 2025-10-24T21:55:10Z jvoisin 2025-10-24T21:49:49Z urn:sha1:a167c4d23feb03e6c5b53f41724bbfcb813bf04b Silence unused variable warning with php 8.3 2024-06-06T14:29:55Z Christian Göttsche 2024-05-30T18:23:10Z urn:sha1:381aa67af284e421ce6554e7bf6039dda5e674b9 src/sp_unserialize.c: In function 'zif_sp_unserialize': src/sp_unserialize.c:131:15: warning: unused variable 'orig_handler' [-Wunused-variable] 131 | zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")); | ^~~~~~~~~~~~ Fix an unserialize-related warning 2023-06-25T15:50:59Z jvoisin 2023-06-25T12:56:43Z urn:sha1:78668b6ef599f700ba939017dc805485452f5319 This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`. On the flip side, it's not longer possible in PHP8.3 and above, when using Snuffleupagus, to have other extensions hooking unserialize(). Add unserialize_noclass 2022-12-08T19:55:46Z jvoisin 2022-12-07T20:02:22Z urn:sha1:ccfaf3e4713b1878241f1235a6fcb66ad0582d47 Minor refactor 2022-12-07T19:37:25Z jvoisin 2022-12-07T19:37:25Z urn:sha1:5966fefb9a291bd0eecd0fff9396b2b6cea4a62e Help the compiler to optimize sp_do_hash_hmac_sha256 a more 2022-05-02T22:07:15Z jvoisin 2022-05-02T22:07:15Z urn:sha1:3132434447990f24516fb196b3fcf7771895a17b Fix compilation on PHP<7.2 2022-03-20T18:07:35Z jvoisin 2022-03-20T17:43:35Z urn:sha1:57b345f16ccad6e5b273c58e819ca5adefdcbf72 fixed use after free + PHP 7 compatibility 2021-12-13T12:57:18Z Ben Fuhrmannek 2021-12-13T12:57:18Z urn:sha1:682cf7e9b05833cb7502f29edbcf4e0fa567cdf4 replaced call_user_func with C level call 2021-11-19T13:57:01Z Ben Fuhrmannek 2021-11-19T13:57:01Z urn:sha1:c447df6ce8964b2863a50f0f8027d9b234b7507f