Edit report at https://bugs.php.net/bug.php?id=60655&edit=1

ID:                 60655
Updated by:         ses...@php.net
Reported by:        larue...@php.net
Summary:            add max_input_vars for json/serialize
Status:             Open
Type:               Feature/Change Request
Package:            *General Issues
PHP Version:        5.3.9RC4
Block user comment: N
Private report:     N

New Comment:

Your patch does not fix the problem. It will make the first X hashtable grow operations random. But the moment you already inserted 65536 entries the HashTable is now big enough to launch the attack.

Maybe your test script already breaks your patch the moment you try to insert 2^17 entries. Otherwise the attack script might need some tweaking.

Anyway, your patch will not solve the problem.

Previous Comments:
------------------------------------------------------------------------
[2012-01-05 08:09:18] larue...@php.net

The following patch has been added/updated:

Patch Name: rand_hash_resize.patch
Revision:   1325750958
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=rand_hash_resize.patch&revision=1325750958
------------------------------------------------------------------------
[2012-01-05 05:04:53] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739893
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739893
------------------------------------------------------------------------
[2012-01-05 05:03:29] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739809
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739809
------------------------------------------------------------------------
[2012-01-05 05:02:16] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739736
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739736
------------------------------------------------------------------------
[2012-01-05 04:17:03] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325737023
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325737023
------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60655&edit=1