diff options
| author | jvoisin | 2023-06-25 14:56:43 +0200 |
|---|---|---|
| committer | jvoisin | 2023-06-25 17:50:59 +0200 |
| commit | 78668b6ef599f700ba939017dc805485452f5319 (patch) | |
| tree | 03263097b46124fad145a5c116c1f8969be9b07e /src/sp_unserialize.c | |
| parent | 709d850429d0d62b148bc235745c830c2f7a55be (diff) | |
Fix an unserialize-related warning
This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`.
On the flip side, it's not longer possible in PHP8.3 and above, when using
Snuffleupagus, to have other extensions hooking unserialize().
Diffstat (limited to 'src/sp_unserialize.c')
| -rw-r--r-- | src/sp_unserialize.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 641d989..ab0d9ed 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c | |||
| @@ -50,8 +50,6 @@ static zend_string *sp_do_hash_hmac_sha256(char* restrict data, size_t data_len, | |||
| 50 | return hex_digest; | 50 | return hex_digest; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | // ------------------ | ||
| 54 | |||
| 55 | PHP_FUNCTION(sp_serialize) { | 53 | PHP_FUNCTION(sp_serialize) { |
| 56 | zif_handler orig_handler; | 54 | zif_handler orig_handler; |
| 57 | 55 | ||
| @@ -130,11 +128,16 @@ PHP_FUNCTION(sp_unserialize) { | |||
| 130 | } | 128 | } |
| 131 | } else { status = 1; } | 129 | } else { status = 1; } |
| 132 | 130 | ||
| 133 | zif_handler orig_handler; | 131 | zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")); |
| 134 | if (0 == status) { | 132 | if (0 == status) { |
| 135 | if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) { | 133 | #if PHP_VERSION_ID >= 80300 |
| 134 | // PHP8.3 gives a warning about trailing data in unserialize strings. | ||
| 135 | php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize"); | ||
| 136 | #else | ||
| 137 | if ((orig_handler)) { | ||
| 136 | orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); | 138 | orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); |
| 137 | } | 139 | } |
| 140 | #endif | ||
| 138 | } else { | 141 | } else { |
| 139 | const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize)); | 142 | const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize)); |
| 140 | if (config_unserialize->dump) { | 143 | if (config_unserialize->dump) { |
| @@ -143,9 +146,14 @@ PHP_FUNCTION(sp_unserialize) { | |||
| 143 | } | 146 | } |
| 144 | if (true == config_unserialize->simulation) { | 147 | if (true == config_unserialize->simulation) { |
| 145 | sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str); | 148 | sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str); |
| 146 | if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) { | 149 | #if PHP_VERSION_ID >= 80300 |
| 150 | // PHP8.3 gives a warning about trailing data in unserialize strings. | ||
| 151 | php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize"); | ||
| 152 | #else | ||
| 153 | if ((orig_handler)) { | ||
| 147 | orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); | 154 | orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); |
| 148 | } | 155 | } |
| 156 | #endif | ||
| 149 | } else { | 157 | } else { |
| 150 | sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str); | 158 | sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str); |
| 151 | } | 159 | } |