- Disallow illegal class names
authorMarcus Boerger <helly@php.net>
Mon, 14 Feb 2005 20:58:22 +0000 (20:58 +0000)
committerMarcus Boerger <helly@php.net>
Mon, 14 Feb 2005 20:58:22 +0000 (20:58 +0000)
ext/standard/var_unserializer.re

index c520302d1ee0ac55f4d89be689dc227d318b6de3..bc2a477df3d922549f553d7c5b48a1308ff6884e 100644 (file)
@@ -473,7 +473,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
 }
 
 "O:" uiv ":" ["]       {
-       size_t len, len2, maxlen;
+       size_t len, len2, len3, maxlen;
        int elements;
        char *class_name;
        zend_class_entry *ce;
@@ -506,6 +506,13 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
                return 0;
        }
 
+       len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+       if (len3 != len)
+       {
+               *p = YYCURSOR + len3 - len;
+               return 0;
+       }
+
        class_name = estrndup(class_name, len);
 
        do {
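Review bot: The `strspn()` call runs on `class_name` while it still points into the raw serialized input (the `estrndup` copy only happens two lines later), so the scan is not bounded by `len` and stops only at the first byte outside the set or at a NUL. If the code before this hunk, which is not visible here, already guarantees a `"` at `class_name[len]`, then `len3` can never exceed `len` and the check is sound; that dependency deserves a comment such as `/* scan ends at the closing quote verified above, so len3 <= len */`. Separately, the allowlist accepts a leading digit and rejects bytes 0x80-0xff, which PHP's identifier grammar permits, so classes with such names would no longer unserialize; it is worth confirming that this is intended. The body of the `"O:"` rule starts and ends outside the hunk.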