php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-10 09:33:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
php-8.2.3
archived-php-src/ext/gmp
History
Tim Düsterhus f2e8c5da90 unserialize: Strictly check for :{ at object start (#10214) 
* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.

* Fix test expectation in gmp/tests/bug74670.phpt

No changes to the input required, because the test actually is intended to
verify the behavior for a missing `}`, it's just that the report position changed.

* NEWS

* UPGRADING
2023-01-12 19:55:54 +01:00
..
tests
unserialize: Strictly check for :{ at object start (#10214)
2023-01-12 19:55:54 +01:00
config.m4
Fixed bug #78574 (broken shared build)
2019-09-20 13:30:13 +02:00
config.w32
Remove unused defines
2019-07-18 02:21:39 +02:00
CREDITS
gmp_arginfo.h
Do not generate CONST_CS when registering constants (#9439)
2022-08-28 08:27:19 +02:00
gmp.c
Revert "Port all internally used classes to use default_object_handlers"
2022-09-14 11:13:23 +02:00
gmp.stub.php
Rename @cname to @cvalue in stubs (#9043)
2022-07-19 15:11:42 +02:00
php_gmp_int.h
Fix warning of strict-prototypes
2020-06-07 10:36:50 +02:00
php_gmp.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00