Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] Complain about an empty decision strategy #29981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 21, 2019
Merged

[Security] Complain about an empty decision strategy #29981

merged 1 commit into from
Feb 21, 2019

Conversation

corphi
Copy link
Contributor

@corphi corphi commented Jan 24, 2019

Q A
Branch? 3.4
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets -
License MIT
Doc PR -

When an empty string is passed (or objects with a similarly behaving __toString() method) to the constructor, the call to decide causes infinite recursion.

@corphi corphi force-pushed the fix-infinite-recursion branch from 44fb1ff to 35d3cc8 Compare January 24, 2019 23:20
@corphi
Copy link
Contributor Author

corphi commented Jan 26, 2019

The actual issue is of course that the method names are not prefix-free.

@corphi corphi force-pushed the fix-infinite-recursion branch from 35d3cc8 to ab12ca8 Compare January 26, 2019 11:33
xabbuh
xabbuh requested changes Jan 26, 2019
View reviewed changes
Copy link
Member

@xabbuh xabbuh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should rather check that the passed value is not an empty string. The proposed solution has the drawback that it will fail again in the future if we introduce a doDecide() method for whatever reason.

@corphi corphi force-pushed the fix-infinite-recursion branch from ab12ca8 to c537c85 Compare January 27, 2019 22:49
@corphi corphi changed the base branch from master to 3.4 January 27, 2019 22:52
@corphi corphi force-pushed the fix-infinite-recursion branch from c537c85 to 42e34f4 Compare January 27, 2019 22:54
@corphi corphi force-pushed the fix-infinite-recursion branch from 42e34f4 to 88502a5 Compare January 28, 2019 22:41
@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Jan 30, 2019
@corphi corphi force-pushed the fix-infinite-recursion branch from 88502a5 to 228329a Compare February 3, 2019 20:56
@corphi corphi force-pushed the fix-infinite-recursion branch from 228329a to 21f73d2 Compare February 11, 2019 20:54
@corphi corphi force-pushed the fix-infinite-recursion branch from 21f73d2 to 3a22cad Compare February 19, 2019 22:17
@corphi
Copy link
Contributor Author

corphi commented Feb 19, 2019

I applied the requested changes; the label didn’t change, though.

@fabpot
Copy link
Member

fabpot commented Feb 21, 2019

Thank you @corphi.

@fabpot fabpot merged commit 3a22cad into symfony:3.4 Feb 21, 2019
fabpot added a commit that referenced this pull request Feb 21, 2019
@fabpot
bug #29981 [Security] Complain about an empty decision strategy (corphi)
68d5597 
This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Complain about an empty decision strategy

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

When an empty string is passed (or objects with a similarly behaving `__toString()` method) to the constructor, the call to `decide` causes infinite recursion.

Commits
-------

3a22cad Fix infinite recursion when passed an empty string
@corphi corphi deleted the fix-infinite-recursion branch February 21, 2019 22:23
This was referenced Mar 3, 2019
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@hacfi hacfi hacfi left review comments

@sstok sstok sstok left review comments

@chalasr chalasr chalasr left review comments

@fabpot fabpot fabpot approved these changes

@xabbuh xabbuh xabbuh approved these changes

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
3.4
Development

Successfully merging this pull request may close these issues.
8 participants
@corphi @fabpot @nicolas-grekas @hacfi @sstok @xabbuh @chalasr @carsonbot