We modify _basic1.phpt so it runs on Windows as well. The other test
cases hit the issue that `readlink()` fails normally for regular files,
but succeeds on Windows[1]. Therefore, we split these tests, but still
fix the skip reasons.
[1] <http://svn.php.net/viewvc?view=revision&revision=350097>
Most of these have been skipped on Windows for no good reason (`lstat`
is available there as of PHP 4). Several others would only fail,
because the `blksize` and `blocks` elements are always `-1` on Windows,
which can easily be fixed by using `%i` format specifiers instead of
`%d`.
Fixes a use-after-free encountered in Symfony's SecurityBundle.
I don't have a reproducer for this, and believe the issue can only
occur if we leak an iterator (the leak is a separate issue).
We should not free the generator iterator here, because we do not
own it. The code that fetched the iterator is responsible for
releasing it. In the rare case where we do hit this code-path,
we cause a use-after-free.
This was needed when php_config.h also declare compatibility
shims for isinf() and friends. These are no longer present in
master, so drop this include.
Unlike the straight unserialize fuzzer, this runs only on HashContexts,
and it does an update and finalize on the contexts it creates.
Co-authored-by: Nikita Popov <nikic@php.net>
* Modify php_hash_ops to contain the algorithm name and
serialize and unserialize methods.
* Implement __serialize and __unserialize magic methods on
HashContext.
Note that serialized HashContexts are not necessarily portable
between PHP versions or from architecture to architecture.
(Most are, though Keccak and slow SHA3s are not.)
An exception is thrown when an unsupported serialization is
attempted.
Because of security concerns, HASH_HMAC contexts are not
currently serializable; attempting to serialize one throws
an exception.
Serialization exposes the state of HashContext memory, so ensure
that memory is zeroed before use by allocating it with a new
php_hash_alloc_context function. Performance impact is
negligible.
Some hash internal states have logical pointers into a buffer,
or sponge, that absorbs input provided in bytes rather than
chunks. The unserialize functions for these hash functions
must validate that the logical pointers are all within bounds,
lest future hash operations cause out-of-bounds memory accesses.
* Adler32, CRC32, FNV, joaat: simple state, no buffer positions
* Gost, MD2, SHA3, Snefru, Tiger, Whirlpool: buffer positions
must be validated
* MD4, MD5, SHA1, SHA2, haval, ripemd: buffer positions encoded
bitwise, forced to within bounds on use; no need to validate
Dmitry Stogov