Export and reuse zend_is_valid_class_name API

nikic · nikic · commit df5011f56c09 · 2020-08-28T10:06:01.000+02:00
Unserialization does the same check as zend_lookup_class, so let's
share the same optimized implementation.
diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h
@@ -43,6 +43,7 @@ ZEND_API void zend_init_code_execute_data(zend_execute_data *execute_data, zend_
 ZEND_API void zend_execute(zend_op_array *op_array, zval *return_value);
 ZEND_API void execute_ex(zend_execute_data *execute_data);
 ZEND_API void execute_internal(zend_execute_data *execute_data, zval *return_value);
+ZEND_API zend_bool zend_is_valid_class_name(zend_string *name);
 ZEND_API zend_class_entry *zend_lookup_class(zend_string *name);
 ZEND_API zend_class_entry *zend_lookup_class_ex(zend_string *name, zend_string *lcname, uint32_t flags);
 ZEND_API zend_class_entry *zend_get_called_scope(zend_execute_data *ex);
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
@@ -991,7 +991,7 @@ static const uint32_t valid_chars[8] = {
 	0xffffffff,
 };
 
-static zend_bool zend_is_valid_class_name(zend_string *name) {
+ZEND_API zend_bool zend_is_valid_class_name(zend_string *name) {
 	for (size_t i = 0; i < ZSTR_LEN(name); i++) {
 		unsigned char c = ZSTR_VAL(name)[i];
 		if (!ZEND_BIT_TEST(valid_chars, c)) {
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
@@ -1013,7 +1013,7 @@ use_double:
 }
 
 object ":" uiv ":" ["]	{
-	size_t len, len3, maxlen;
+	size_t len, maxlen;
 	zend_long elements;
 	char *str;
 	zend_string *class_name;
@@ -1051,15 +1051,12 @@ object ":" uiv ":" ["]	{
 		return 0;
 	}
 
-	len3 = strspn(str, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\");
-	if (len3 != len)
-	{
-		*p = YYCURSOR + len3 - len;
+	class_name = zend_string_init(str, len, 0);
+	if (!zend_is_valid_class_name(class_name)) {
+		zend_string_release_ex(class_name, 0);
 		return 0;
 	}
 
-	class_name = zend_string_init(str, len, 0);
-
 	do {
 		if(!unserialize_allowed_class(class_name, var_hash)) {
 			incomplete_class = 1;
