php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #14046 segfaults due to curlopt not checking file handles are valid
Submitted: 2001-11-13 21:20 UTC Modified: 2001-11-20 05:59 UTC
From: alan_k at hklc dot com Assigned: sterling (profile)
Status: Closed Package: cURL related
PHP Version: 4.0CVS-2001-11-13 OS: debian linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: alan_k at hklc dot com
New email:
PHP Version: OS:

 

 [2001-11-13 21:20 UTC] alan_k at hklc dot com 
curlopt does not check that file handles are valid - so if you send it a string for CURL_INFILE it will segfault.

patch below
Index: curl.c
===================================================================
RCS file: /repository/php4/ext/curl/curl.c,v
retrieving revision 1.97
diff -u -r1.97 curl.c
--- curl.c      13 Nov 2001 11:47:52 -0000      1.97
+++ curl.c      14 Nov 2001 02:16:47 -0000
@@ -706,8 +706,13 @@
        case CURLOPT_INFILE: 
        case CURLOPT_WRITEHEADER:
        case CURLOPT_STDERR: {
-               FILE *fp;
+               FILE *fp=NULL;
                ZEND_FETCH_RESOURCE(fp, FILE *, zvalue, -1, "File-Handle", php_file_le_fopen());
+                if (!fp) {
+                       php_error(E_WARNING,    "You must pass a file handle with the CURLOPT_FILE,"
+                                         "CURLOPT_INFILE, CURLOPT_WRITEHEADER and CURLOPT_STDERR arguments");
+                       RETURN_FALSE;
+               }
 
                error = CURLE_OK;
                switch (option) {

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-14 02:25 UTC] derick@php.net 
Assigned this to you sterling, cause you're the cURL master here.

Derick
 [2001-11-20 05:59 UTC] sterling@php.net 
RETURN_FALSE; is enough, since ZEND_FETCH_RESOURCE() will complain with an E_WARNING... Will modify source, in next commit with POSTFIELDS commit...
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed May 07 15:01:31 2025 UTC