On Oct 12, 2017 6:01 PM, Nikita Popov wrote:
On Thu, Oct 12, 2017 at 4:38 PM, Dmitry Stogov wrote:
> Hi,
>
>
> I've found that at least half of unserialize() security problems occur
> because of a non-symmetric serialize/unserialize assumption regarding
> references encoded with "r".
>
>
> serialize() assumes it's an