php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #300 popen, when in safe mode, fails if you use a command with parameters
Submitted: 1998-04-22 09:19 UTC Modified: 1998-04-22 10:29 UTC
From: monti at vesatec dot com Assigned: rasmus (profile)
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 4 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: monti at vesatec dot com
New email:
PHP Version: OS:

 

 [1998-04-22 09:19 UTC] monti at vesatec dot com 
If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function
lives)

The patch:

--------------------- CUT HERE -------------------------


309c309,316
< 	b = strrchr(arg1->value.str.val,'/');
---
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}

--------------------- CUT HERE -------------------------

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1998-04-22 10:29 UTC] rasmus 
Patch applied.  Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Sep 07 23:01:27 2024 UTC