From: Dmitry Stogov <dmitry@zend.com>
Date: Wed, 12 Sep 2018 09:16:50 +0000 (+0300)
Subject: Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
X-Git-Tag: php-7.3.0RC2~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=655a99d1312b3dfd72a1b9e59b7b9322203f615b;p=php

Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
---

diff --git a/NEWS b/NEWS
index 555cadd217..c99e0fd17a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 7.3.0RC2
+- Core:
+  . Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
+    (Dmitry)
 
 13 Sep 2018, PHP 7.3.0RC1
 
diff --git a/Zend/tests/bug76869.phpt b/Zend/tests/bug76869.phpt
new file mode 100644
index 0000000000..ba963d4c4e
--- /dev/null
+++ b/Zend/tests/bug76869.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #76869 (Incorrect bypassing protected method accessibilty check)
+--FILE--
+<?php
+class A {
+	private function f() {
+		return "A";
+	}
+}
+class B extends A {
+	protected function f() {
+		return "B";
+	}
+}
+$b = new B();
+try {
+	var_dump($b->f());
+} catch (Throwable $e) {
+	echo "Exception: ", $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Exception: Call to protected method B::f() from context ''
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index aa2f5be846..b10e5afb0a 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -1243,12 +1243,17 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *
 		 */
 
 		scope = zend_get_executed_scope();
-		if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
-			zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name);
-			if (priv_fbc) {
-				fbc = priv_fbc;
+		do {
+			if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
+				zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name);
+				if (priv_fbc) {
+					fbc = priv_fbc;
+					break;
+				} else if (!(fbc->op_array.fn_flags & ZEND_ACC_PROTECTED)) {
+					break;
+				}
 			}
-		} else {
+
 			/* Ensure that if we're calling a protected function, we're allowed to do so.
 			 * If we're not and __call() handler exists, invoke it, otherwise error out.
 			 */
@@ -1260,7 +1265,7 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *
 					fbc = NULL;
 				}
 			}
-		}
+		} while (0);
 	}
 
 	if (UNEXPECTED(!key)) {