1--TEST-- 2Bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability) 3--SKIPIF-- 4<?php 5if (!extension_loaded("wddx")) print "skip"; 6if (!extension_loaded("session")) print "skip session extension not available"; 7?> 8--FILE-- 9<?php 10ini_set('session.serialize_handler', 'wddx'); 11session_start(); 12 13$hashtable = str_repeat('A', 66); 14$wddx = "<?xml version='1.0'?> 15<wddxPacket version='1.0'> 16<header/> 17 <data> 18 <string>$hashtable</string> 19 </data> 20</wddxPacket>"; 21session_decode($wddx); 22?> 23DONE 24--EXPECTF-- 25Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d 26DONE 27
