php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16811 Crash in shell_exec when popen fails (fix included)
Submitted: 2002-04-24 19:36 UTC Modified: 2002-04-25 10:04 UTC
From: swbrown at ucsd dot edu Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.2.0 OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: swbrown at ucsd dot edu
New email:
PHP Version: OS:

 

 [2002-04-24 19:36 UTC] swbrown at ucsd dot edu 
(This web form will probably eat the diff, so you can also get it here: http://www.cs.ucsd.edu/~sbrown/php-shell_exec-fix.diff)

If PHP is resource-starved and can't popen, the shell_exec function detects the error but forgets to return, resulting in a NULL (FILE *) being passed to fread on line 466 of exec.c (PHP 4.2.0) which causes a crash.  This patch adds the missing RETURN_FALSE.

Steven Brown <swbrown@ucsd.edu>


--- php-4.2.0/ext/standard/exec.c	Tue Dec 11 07:30:29 2001
+++ php-4.2.0-fixed/ext/standard/exec.c	Wed Apr 24 15:39:56 2002
@@ -459,6 +459,7 @@
 	if ((in=VCWD_POPEN(Z_STRVAL_PP(cmd), "r"))==NULL) {
 #endif
 		php_error(E_WARNING, "Unable to execute '%s'", Z_STRVAL_PP(cmd));
+		RETURN_FALSE;
 	}
 	allocated_space = EXEC_INPUT_BUF;
 	ret = (char *) emalloc(allocated_space);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-25 02:45 UTC] derick@php.net 
This bug has been fixed in CVS.
 [2002-04-25 10:04 UTC] sniper@php.net 
And the fix will be in PHP 4.2.1
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 17 01:01:33 2025 UTC