| commit | b7cdab85fa660ae8357c8d4f53f93c86b2d9792c | |
| author | Matt Clarke-Lauer <mcl@fb.com> | |
| Mon, 17 Nov 2014 21:03:18 +0000 (17 13:03 -0800) | ||
| committer | hhvm-bot <hhvm-bot@fb.com> | |
| Fri, 19 Dec 2014 17:00:25 +0000 (19 09:00 -0800) | ||
| tree | 4fe5dd06c476e4e59669873d4ae557d592c3a781 | treesnapshot (tar.gz zip) |
| parent | 72e8728d9c7b7b95a65b896c379435fcf8478003 | commitdiff |
make recursion limit for unserialize
Summary: This fixes a stack overflow caused by unlimited recursion in
unserialize. By checking the stack size, we avoid the stack overflow without
breaking anything else. There is no obvious way of running arbitrary code via
this, especially since all inputs to unserialize should be sanitized, but this
will close out this cve and prevent possible exploits.
CVE-2009-4418
Reviewed By: @bertmaher
Differential Revision: D1686292
Summary: This fixes a stack overflow caused by unlimited recursion in
unserialize. By checking the stack size, we avoid the stack overflow without
breaking anything else. There is no obvious way of running arbitrary code via
this, especially since all inputs to unserialize should be sanitized, but this
will close out this cve and prevent possible exploits.
CVE-2009-4418
Reviewed By: @bertmaher
Differential Revision: D1686292
| hphp/runtime/base/thread-info.h | diffblobblamehistory | |
| hphp/runtime/base/type-variant.cpp | diffblobblamehistory |