Hashtable & LinkedList Destructor Protection

Hashtables and LinkedLists are data structures that are internally used within the PHP code. When these data structures are initialised it is possible to register an element destructor. This destructor function is called whenever an element is removed from the data structure.

When a bufferoverflow occurs within PHP an attacker might be able to overwrite the pointer to the destructor with a pointer that points to his own injected code, which normally results in his code beeing executed when the next element is removed. To stop this kind of attack Suhosin will create a list of real destructor pointers during runtime and whenever a destructor is about to be called Suhosin first checks if the destructor in question is within the list and if not this issue is logged and the process is terminated because after a bufferoverflow it might be in an unstable state. This sucessfully stops all destructor injection attacks.

Back to the feature list

© Hardened PHP Project