PHP :: Doc Bug #25997 :: Embedded null characters in strings breaks documented behavior of functions.

Doc Bug #25997	Embedded null characters in strings breaks documented behavior of functions.
Submitted:	2003-10-26 22:32 UTC	Modified:	2004-08-06 12:04 UTC
From:	xodfull at starmen dot net	Assigned:
Status:	Closed	Package:	Documentation problem
PHP Version:	4.3.3	OS:	Linux, Apache.
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-10-26 22:32 UTC] xodfull at starmen dot net

Description:
------------
ip2long() is supposed to return -1 on an invalid ip address.  Because of PHP's method of storing strings, and a careless calling of standard C library functions that use null-terminated strings, it will not return -1 on invalid ip addresses that contain embedded null characters in appropriate places.

" The function ip2long() generates an IPv4 Internet network address from its Internet standard format (dotted string) representation. If ip_address is invalid than -1 is returned. Note that -1  does not evaluate as FALSE in PHP."

Reproduce code:
---------------
if(ip2long($_GET[ip]) != -1)
 echo($_GET[ip]);

http://something.net/somescript.php?ip=127.0.0.1%00<b>foo</b>

Expected result:
----------------
Arbitrary HTML insertion.  Worse effects may be possible depending on the application.

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-10-27 17:29 UTC] iliaa@php.net

ip2long() works as advertised. However, if brought a very good point and this should be documented. For security, if ip2long() is used only for validation the IP should be escaped or should be used like this:
$ip = long2ip(ip2long($ip));

[2004-08-06 12:04 UTC] dave@php.net

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

[2020-02-07 06:11 UTC] phpdocbot@php.net

Automatic comment on behalf of dave
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=37f3e09ca179f3d16c3e53b0472735767d7d916b
Log: - Fix #25997.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Aug 14 10:01:29 2024 UTC