Edit report at https://bugs.php.net/bug.php?id=60655&edit=1

ID:                 60655
Updated by:         larue...@php.net
Reported by:        larue...@php.net
Summary:            add max_input_vars for json/serialize
Status:             Open
Type:               Feature/Change Request
Package:            *General Issues
PHP Version:        5.3.9RC4
Block user comment: N
Private report:     N

New Comment:

sorry, didn't get your point? the collision can not be predictable any more, why this patch doesn't solve the problem?

Previous Comments:
------------------------------------------------------------------------
[2012-01-05 11:24:44] ses...@php.net

Your patch does not fix the problem. It will make the first X hashtable grow operations random. But the moment you already inserted 65536 entries the HashTable is now big enough to launch the attack.

Maybe your test script already breaks your patch the moment you try to insert 2^17 entries. Otherwise the attack script might need some tweaking.

Anyway, your patch will not solve the problem.

------------------------------------------------------------------------
[2012-01-05 08:09:18] larue...@php.net

The following patch has been added/updated:

Patch Name: rand_hash_resize.patch
Revision:   1325750958
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=rand_hash_resize.patch&revision=1325750958

------------------------------------------------------------------------
[2012-01-05 05:04:53] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739893
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739893

------------------------------------------------------------------------
[2012-01-05 05:03:29] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739809
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739809

------------------------------------------------------------------------
[2012-01-05 05:02:16] larue...@php.net

The following patch has been added/updated:

Patch Name: max_input_vars.patch
Revision:   1325739736
URL:        https://bugs.php.net/patch-display.php?bug=60655&patch=max_input_vars.patch&revision=1325739736

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60655