On Thu, Sep 22, 2016 at 10:06 AM, Rowan Collins <rowan.coll...@gmail.com>
wrote:

> On 22/09/2016 08:52, Jakub Zelenka wrote:
>
>> I don't like the initial version of the patch that was causing fatal error
>> for json_decode. That's not how json_decode should work. I think that Bob
>> came up later with a better version that was using json recursion error.
>> It
>> might require a bit more work for 7.1 as I changed a json parser since
>> then.
>>
>
> The point of the proposed patch is that it causes fatal error *anywhere*
> that a hash is attacked (and, as discussed, it really is only going to
> trigger on a crafted attack).
>
> Adding mitigations elsewhere such as in the JSON parser can be done *on
> top of* that, since they'll presumably catch the problem before the hash is
> inserted into.
>
> It's the same as if the attack caused an exponential amount of memory
> usage: the engine will bail out as soon as the hard memory limit is
> reached, but extensions can and should detect and avoid scenarios likely to
> cause that.
>
>
Nope the point of the Bob's patch is to use graceful handling with
exception that can be easily checked by the json parser for example! See
https://github.com/php/php-src/pull/1706

>From the quick look, it actually just requires regenerating parser from the
json ext point of view.

Cheers

Jakub

Reply via email to