Skip to content

Fix GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling #17038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling #17038

wants to merge 1 commit into from

Conversation

nielsdos
Copy link
Member

@nielsdos nielsdos commented Dec 3, 2024

There are two functions that can each fail in their own way. If the last function fails we have to remove the filter entry from the hash table, otherwise we risk a UAF. Note also that removing the entry from the table on failure will also free its memory.

@nielsdos
Fix phpGH-17037: UAF in user filter when adding existing filter name …
57eff58 
…due to incorrect error handling

There are two functions that can each fail in their own way. If the last
function fails we have to remove the filter entry from the hash table,
otherwise we risk a UAF. Note also that removing the entry from the
table on failure will also free its memory.
@nielsdos nielsdos requested a review from bukka as a code owner December 3, 2024 21:48
@nielsdos nielsdos linked an issue Dec 3, 2024 that may be closed by this pull request
UAF in user filter when adding existing filter name due to incorrect error handling #17037
Closed
devnexen
devnexen approved these changes Dec 4, 2024
View reviewed changes
Copy link
Member

@devnexen devnexen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense to me but feel free to wait bukka opinion if you prefer

@nielsdos nielsdos closed this in 00f4881 Dec 4, 2024
charmitro pushed a commit to wasix-org/php that referenced this pull request Mar 13, 2025
@nielsdos @charmitro
Fix phpGH-17037: UAF in user filter when adding existing filter name …
e8015ea 
…due to incorrect error handling

There are two functions that can each fail in their own way. If the last
function fails we have to remove the filter entry from the hash table,
otherwise we risk a UAF. Note also that removing the entry from the
table on failure will also free its memory.

Closes phpGH-17038.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bukka bukka bukka approved these changes

@devnexen devnexen devnexen approved these changes

Assignees
No one assigned
Labels
Extension: standard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

UAF in user filter when adding existing filter name due to incorrect error handling
3 participants
@nielsdos @bukka @devnexen