Sec Bug #64112 Not correct $this when statically call non-static method
Submitted: 2013-01-31 11:42 UTC Modified: 2013-01-31 12:13 UTC
From: pavelpat at ya dot ru Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.4.11 OS: Linux 3.5.0 x64
Private report: No CVE-ID: None
 [2013-01-31 11:42 UTC] pavelpat at ya dot ru
Description:
------------
When calling a non-static method from an object method, that method has the wrong $this, pointing to the object from which the call is made (example one). It is also a security problem: an attacker may "override" (not real overriding) a private method (example two).

Test script:
---------------
Example one:
<?php
class A {
    function aaa() {
        // Non-static method: $this is expected to be an A instance.
        echo get_class($this);
    }
}

class B {
    function bbb() {
        // Static-style call of a non-static method from another object's method;
        // $this inside aaa() becomes this B object.
        A::aaa();
    }
}

(new B())->bbb();


Example two:
<?php
class PasswordManager {
    private function getPasswordHash($rawPassword) {
        return md5($rawPassword);
    }
    private function isPasswordValid($rawPassword, $hashPassword) {
        return $hashPassword === $this->getPasswordHash($rawPassword);
    }
    public function authorize($rawPassword, $hashPassword) {
        // $this->isPasswordValid() is dispatched on whatever object $this is;
        // when called statically from Attacker::doAttack(), $this is the Attacker.
        if ($this->isPasswordValid($rawPassword, $hashPassword)) {
            echo "Congratulations! You are authorized!\n";
            return true;
        }

        echo "Sorry! Authorization failed!\n";
        return false;
    }
}

class Attacker {
    // Public method with the same name as PasswordManager's private one.
    public function isPasswordValid($a, $b) {
        return true;
    }
    public function doAttack() {
        // Static-style call of a non-static method: $this inside authorize()
        // is this Attacker object, so its isPasswordValid() is the one called.
        PasswordManager::authorize(null, null);
    }
}

(new Attacker())->doAttack();



Expected result:
----------------
Example 1:
NULL

Actual result:
--------------
Example 1:
B

History

 [2013-01-31 12:13 UTC] johannes@php.net
-Status: Open +Status: Not a bug
 [2013-01-31 12:13 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See http://www.php.net/manual/en/language.oop5.basic.php#language.oop5.basic.class.this
and https://wiki.php.net/rfc/incompat_ctx
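
The following is an added example, not code from the bug report or from PHP itself. It shows the guard a class could carry on PHP 5.x, where a non-static method invoked as ClassName::method() from inside another object's method runs with that other object as $this (emitting only an E_STRICT notice, which PHP 7.0 turned into E_DEPRECATED), and how the same call is refused outright on PHP 8, which throws Error before the method body runs as the incompat_ctx RFC describes. PasswordManager and authorize() mirror the report's second example; ForeignCaller, demo() and the sha256 placeholder hashing are this example's own assumptions.

```php
<?php
// Added example: hardening PasswordManager::authorize() against being run
// with a foreign $this (PHP 5.x "incompatible context" behaviour). On PHP 8
// the engine throws Error for the static call itself, so the guard is only
// reached on older runtimes. Hashing scheme is an illustrative placeholder.

class PasswordManager {
    private function getPasswordHash($rawPassword) {
        return hash('sha256', $rawPassword);
    }

    private function isPasswordValid($rawPassword, $hashPassword) {
        return $hashPassword === $this->getPasswordHash($rawPassword);
    }

    public function authorize($rawPassword, $hashPassword) {
        // Guard: refuse to run unless $this is genuinely a PasswordManager.
        // - a bare static call leaves $this unset, so isset() is false;
        // - an incompatible-context call (PHP 5.x / 7.x) sets $this to the
        //   caller's object, which is not instanceof self.
        // Without this check, $this->isPasswordValid() would dispatch to a
        // method of the caller's class, which is exactly what the report shows.
        if (!isset($this) || !($this instanceof self)) {
            throw new LogicException(
                'PasswordManager::authorize() must be called on a PasswordManager instance'
            );
        }
        return $this->isPasswordValid($rawPassword, $hashPassword);
    }
}

// Hypothetical caller that defines a public isPasswordValid() of its own and
// then calls PasswordManager::authorize() statically from an instance method,
// reproducing the report's second example against the hardened class.
class ForeignCaller {
    public function isPasswordValid($a, $b) {
        return true;
    }
    public function run() {
        return PasswordManager::authorize(null, null);
    }
}

// Runs the foreign call and reports which mechanism stopped it.
function demo() {
    try {
        $result = (new ForeignCaller())->run();
        return 'authorize() returned ' . var_export($result, true);
    } catch (LogicException $e) {
        // PHP 5.x / 7.x: the guard inside authorize() fired.
        return 'guard blocked the call: ' . $e->getMessage();
    } catch (Error $e) {
        // PHP 8: the engine refused the static call before the body ran.
        return 'engine refused the static call: ' . $e->getMessage();
    }
}

// Legitimate use on a real instance is unaffected by the guard.
$pm = new PasswordManager();
$hash = hash('sha256', 'correct horse');
var_dump($pm->authorize('correct horse', $hash));
var_dump($pm->authorize('wrong password', $hash));
echo demo(), "\n";
```

The guard works because isset($this) is false for a call with no object context at all, while $this instanceof self is false for the incompatible-context case where $this is the caller's object; on PHP 8 neither branch is needed, but the check is harmless there.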
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 13:01:30 2024 UTC