PHP :: Bug #10167 :: potential Bufferoverflow in extensions based on skeleton...

Bug #10167	potential Bufferoverflow in extensions based on skeleton...
Submitted:	2001-04-04 14:15 UTC	Modified:	2001-04-06 11:00 UTC
From:	s dot esser at ematters dot de	Assigned:
Status:	Closed	Package:	Unknown/Other Function
PHP Version:	4.0 Latest CVS (04/04/2001)	OS:	all
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	s dot esser at ematters dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-04-04 14:15 UTC] s dot esser at ematters dot de

When i was looking through the CVS version of php, i discovered the following piece of code in skeleton.c

---snip---

PHP_FUNCTION(confirm_extname_compiled)
{
        zval **arg;
        int len;
        char string[256];
...
...
...
len = sprintf(string, "Congratulations, you have successfully modified ....
t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));

---snap---

of course the sprintf could be used to perform a standart bufferoverflow. It should be better changed into ... %.50s ... or similiar to do not create a potential vulnerability.

As far as i can see ircg and cybermut sources still have the compile confirmation in them...

ciao,
Stefan Esser

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-04-06 11:00 UTC] elixer@php.net

Updated in CVS.  Thank you for your report.

Sean

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 04:00:01 2025 UTC