php-src/ext/curl/tests/bug73147.phpt

--TEST--
Bug #73147: Use After Free in PHP7 unserialize()
--SKIPIF--
<?php
if (!extension_loaded("curl")) {
        exit("skip curl extension not loaded");
}
?>
--FILE--
<?php

$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';
try {
    var_dump(unserialize($poc));
} catch(Exception $e) {
    echo $e->getMessage();
}
?>
--EXPECTF--
Warning: Erroneous data format for unserializing 'CURLFile' in %s on line %d

Notice: unserialize(): Error at offset 27 of 44 bytes in %s on line %d
bool(false)
Fix bug #73147: Use After Free in PHP7 unserialize() (cherry picked from commit 0e6fe3a4c96be2d3e88389a5776f878021b4c59f) 2016-09-26 02:53:59 +00:00			`--TEST--`
			`Bug #73147: Use After Free in PHP7 unserialize()`
			`--SKIPIF--`
			`<?php`
			`if (!extension_loaded("curl")) {`
			`exit("skip curl extension not loaded");`
			`}`
			`?>`
			`--FILE--`
			`<?php`

			`$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';`
			`try {`
Use serialize_deny for CURLFile Instead of a throwing __wakeup() method. 2018-11-26 12:20:51 +00:00			`var_dump(unserialize($poc));`
Fix bug #73147: Use After Free in PHP7 unserialize() (cherry picked from commit 0e6fe3a4c96be2d3e88389a5776f878021b4c59f) 2016-09-26 02:53:59 +00:00			`} catch(Exception $e) {`
Use serialize_deny for CURLFile Instead of a throwing __wakeup() method. 2018-11-26 12:20:51 +00:00			`echo $e->getMessage();`
Fix bug #73147: Use After Free in PHP7 unserialize() (cherry picked from commit 0e6fe3a4c96be2d3e88389a5776f878021b4c59f) 2016-09-26 02:53:59 +00:00			`}`
			`?>`
Use serialize_deny for CURLFile Instead of a throwing __wakeup() method. 2018-11-26 12:20:51 +00:00			`--EXPECTF--`
			`Warning: Erroneous data format for unserializing 'CURLFile' in %s on line %d`

			`Notice: unserialize(): Error at offset 27 of 44 bytes in %s on line %d`
			`bool(false)`