| author | W0rty | 2026-03-27 22:15:59 +0100 |
|---|---|---|
| committer | Julien Voisin | 2026-03-28 21:00:13 +0100 |
| commit | 6d7addeb44744dcf0f36d2aac34be5e12de23c5d (patch) | |
| tree | 45478dfb6f7a2869843fd93c9eb2f3b2283be9e4 /src/sp_unserialize.c | |
| parent | 0b79579c25a43be7e5918841f1d2ad8c297235ac (diff) | |
Fix the usage of strlen(), which returns a wrong size when serialized objects contain null bytes (for example in private fields)
Diffstat (limited to '')
| -rw-r--r-- | src/sp_unserialize.c | 2 |
1 files changed, 1 insertions, 1 deletions
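--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -137,7 +137,7 @@ PHP_FUNCTION(sp_unserialize) {
 char* serialized_str = ecalloc(buf_len - 64 + 1, 1);
 memcpy(serialized_str, buf, buf_len - 64);
 
-zend_string *expected_hmac = sp_do_hash_hmac_sha256(serialized_str, strlen(serialized_str), ZSTR_VAL(SPCFG(encryption_key)), ZSTR_LEN(SPCFG(encryption_key)));
+zend_string *expected_hmac = sp_do_hash_hmac_sha256(serialized_str, buf_len - 64, ZSTR_VAL(SPCFG(encryption_key)), ZSTR_LEN(SPCFG(encryption_key)));
 
 unsigned int status = 0;
 if (expected_hmac) {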
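Review bot: The payload length `buf_len - 64` is now spelled out three times (the `ecalloc`, the `memcpy` and the HMAC call on new line 140), and nothing in this hunk shows that `buf_len >= 64` is checked before the subtraction. PHP_FUNCTION(sp_unserialize) starts and ends outside the hunk, so that guard may already exist above; if it does not, the subtraction produces a bogus length for all three uses. I would compute it once after the guard, `const size_t payload_len = buf_len - 64;`, and pass `payload_len` to the allocation, the copy and `sp_do_hash_hmac_sha256` so the three cannot drift apart. It is also worth confirming that the signing side hashes the full byte length rather than a `strlen()`-bounded one, so bytes after an embedded NUL are covered by the HMAC in both directions. A regression test with a private field would pin this.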
