Edit report at https://bugs.php.net/bug.php?id=60655&edit=1

 ID:                 60655
 Updated by:         [email protected]
 Reported by:        [email protected]
 Summary:            add max_input_vars for json/serialize
 Status:             Open
 Type:               Feature/Change Request
 Package:            *General Issues
 PHP Version:        5.3.9RC4
 Block user comment: N
 Private report:     N

 New Comment:

sorry, didn't get your point? the collision can not be predictable any more, why this patch doesn't solve the problem?

Previous Comments:
------------------------------------------------------------------------
[2012-01-05 11:24:44] [email protected]

Your patch does not fix the problem. It will make the first X hashtable grow operations random. But the moment you already inserted 65536 entries the HashTable is now big enough to launch the attack. Maybe your test script already breaks your patch the moment you try to insert 2^17 entries. Otherwise the attack script might need some tweaking. Anyway, your patch will not solve the problem.

------------------------------------------------------------------------
[2012-01-05 08:09:18] [email protected]

The following patch has been added/updated:

Patch Name: rand_hash_resize.patch
Revision:   1325750958
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=rand_hash_resize.patch&revision=1325750958

------------------------------------------------------------------------
[2012-01-05 05:04:53] [email protected]

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739893
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739893

------------------------------------------------------------------------
[2012-01-05 05:03:29] [email protected]

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739809
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739809

------------------------------------------------------------------------
[2012-01-05 05:02:16] [email protected]

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739736
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739736

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655
