Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix #77177: Serializing or unserializing COM objects crashes
Firstly, we avoid returning NULL from the get_property handler, but instead return an empty HashTable, which already prevents the crashes. Secondly, since (de-)serialization obviously makes no sense for COM, DOTNET and VARIANT objects (at least with the current implementation), we prohibit it right away.
- Loading branch information
Showing
5 changed files
with
74 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
--TEST-- | ||
Bug #77177 (Serializing or unserializing COM objects crashes) | ||
--SKIPIF-- | ||
<?php | ||
if (!extension_loaded('com_dotnet')) die('skip com_dotnet extension not available'); | ||
?> | ||
--FILE-- | ||
<?php | ||
$com = new COM("WScript.Shell"); | ||
$dotnet = new DOTNET("mscorlib", "System.Collections.Stack"); | ||
$variant = new VARIANT; | ||
foreach ([$com, $dotnet, $variant] as $object) { | ||
try { | ||
serialize($object); | ||
} catch (Exception $ex) { | ||
echo "Exception: {$ex->getMessage()}\n"; | ||
} | ||
} | ||
|
||
$strings = ['C:3:"com":0:{}', 'C:6:"dotnet":0:{}', 'C:7:"variant":0:{}']; | ||
foreach ($strings as $string) { | ||
try { | ||
unserialize($string); | ||
} catch (Exception $ex) { | ||
echo "Exception: {$ex->getMessage()}\n"; | ||
} | ||
} | ||
|
||
$strings = ['O:3:"com":0:{}', 'O:6:"dotnet":0:{}', 'O:7:"variant":0:{}']; | ||
foreach ($strings as $string) { | ||
var_dump(unserialize($string)); | ||
} | ||
?> | ||
===DONE=== | ||
--EXPECTF-- | ||
Exception: Serialization of 'com' is not allowed | ||
Exception: Serialization of 'dotnet' is not allowed | ||
Exception: Serialization of 'variant' is not allowed | ||
Exception: Unserialization of 'com' is not allowed | ||
Exception: Unserialization of 'dotnet' is not allowed | ||
Exception: Unserialization of 'variant' is not allowed | ||
|
||
Warning: Erroneous data format for unserializing 'com' in %s on line %d | ||
|
||
Notice: unserialize(): Error at offset 13 of 14 bytes in %s on line %d | ||
bool(false) | ||
|
||
Warning: Erroneous data format for unserializing 'dotnet' in %s on line %d | ||
|
||
Notice: unserialize(): Error at offset 16 of 17 bytes in %s on line %d | ||
bool(false) | ||
|
||
Warning: Erroneous data format for unserializing 'variant' in %s on line %d | ||
|
||
Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line %d | ||
bool(false) | ||
===DONE=== |