Bug #11364 ob_start overflow ?
Submitted: 2001-06-08 14:37 UTC Modified: 2001-06-08 15:20 UTC
From: sebastien dot blon at nfrance dot com Assigned:
Status: Closed Package: Output Control
PHP Version: 4.0.4pl1 OS: OpenBSD 2.7
Private report: No CVE-ID: None
 [2001-06-08 14:37 UTC] sebastien dot blon at nfrance dot com
Our Apache server crashed several times. We found out that before
each crash, the error_log file grows up to 2 GBytes, containing the HTML code from one page of a particular site (always the same page).

We checked this page and found that it was using the ob_start() function.
After the deactivation of this function in php.ini, the server does not crash
any more.

We think there is perhaps a potential security hole in this function because
if data can be written into error_log, it might be written anywhere else.

Let us know about it.

Regards,

Sébastien BLON


 [2001-06-08 15:20 UTC] sniper@php.net
This should be fixed in PHP 4.0.5. But please try the
soon to be released 4.0.6 release candidate 3:

http://www.php.net/~andi/php-4.0.6RC3.tar.gz


--Jani

 