PHP :: Bug #300 :: popen, when in safe mode, fails if you use a command with parameters

Bug #300	popen, when in safe mode, fails if you use a command with parameters
Submitted:	1998-04-22 09:19 UTC	Modified:	1998-04-22 10:29 UTC
From:	monti at vesatec dot com	Assigned:	rasmus (profile)
Status:	Closed	Package:	Other
PHP Version:	3.0 Release Candidate 4	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	monti at vesatec dot com
New email:
PHP Version:		OS:

New Comment:

[1998-04-22 09:19 UTC] monti at vesatec dot com

If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function
lives)

The patch:

--------------------- CUT HERE -------------------------


309c309,316
< 	b = strrchr(arg1->value.str.val,'/');
---
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}

--------------------- CUT HERE -------------------------

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1998-04-22 10:29 UTC] rasmus

Patch applied.  Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 07:00:01 2025 UTC