Re: [PHP-DEV] Exposing object handles to userland

Fri, 31 Jul 2015 07:53:58 -0700 

> I also know people that print_r($an_object) and parse the output just to
> extract the object handle from there... Crazy isn't it ?
>

I plead guilty for doing this, but php let me no better choice for now ;)

The attached patch removes the XOR hashing for the object handle (it's
useless, the "secret" is trivially guessed after parsing the output of
var_dump).

It would be awesome if this patch could be applied for php 7.0!

Cheers,
Nicolas
<http://marc.info/?l=php-internals&m=141811755908008&w=2>

diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c
index e89caa2..0d8be97 100644
--- a/ext/spl/php_spl.c
+++ b/ext/spl/php_spl.c
@@ -755,22 +755,20 @@ PHP_FUNCTION(spl_object_hash)
 
 PHPAPI zend_string *php_spl_object_hash(zval *obj) /* {{{*/
 {
-       intptr_t hash_handle, hash_handlers;
+       intptr_t hash_handlers;
 
        if (!SPL_G(hash_mask_init)) {
                if (!BG(mt_rand_is_seeded)) {
                        php_mt_srand((uint32_t)GENERATE_SEED());
                }
 
-               SPL_G(hash_mask_handle)   = (intptr_t)(php_mt_rand() >> 1);
                SPL_G(hash_mask_handlers) = (intptr_t)(php_mt_rand() >> 1);
                SPL_G(hash_mask_init) = 1;
        }
 
-       hash_handle   = SPL_G(hash_mask_handle)^(intptr_t)Z_OBJ_HANDLE_P(obj);
        hash_handlers = SPL_G(hash_mask_handlers)^(intptr_t)Z_OBJ_HT_P(obj);
 
-       return strpprintf(32, "%016lx%016lx", hash_handle, hash_handlers);
+       return strpprintf(32, "%016lx%016lx", (intptr_t)Z_OBJ_HANDLE_P(obj), 
hash_handlers);
 }
 /* }}} */
 
diff --git a/ext/spl/php_spl.h b/ext/spl/php_spl.h
index 015ada4..b2450ca 100644
--- a/ext/spl/php_spl.h
+++ b/ext/spl/php_spl.h
@@ -62,7 +62,6 @@ PHP_MINFO_FUNCTION(spl);
 ZEND_BEGIN_MODULE_GLOBALS(spl)
        zend_string *autoload_extensions;
        HashTable   *autoload_functions;
-       intptr_t     hash_mask_handle;
        intptr_t     hash_mask_handlers;
        int          hash_mask_init;
        int          autoload_running;
diff --git a/ext/spl/tests/spl_005.phpt b/ext/spl/tests/spl_005.phpt
index 219c791..c1bffe7 100644
--- a/ext/spl/tests/spl_005.phpt
+++ b/ext/spl/tests/spl_005.phpt
@@ -11,7 +11,7 @@ var_dump(spl_object_hash());
 ===DONE===
 <?php exit(0); ?>
 --EXPECTF--
-string(32) "%s"
+string(32) "000000000000000%r[1-9]%r00000000%s"
 
 Warning: spl_object_hash() expects parameter 1 to be object, integer given in 
%sspl_005.php on line %d
 NULL

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to