Bug #300 popen, when in safe mode, fails if you use a command with parameters
Submitted: 1998-04-22 09:19 UTC Modified: 1998-04-22 10:29 UTC
From: monti at vesatec dot com Assigned: rasmus (profile)
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 4 OS: Linux
Private report: No CVE-ID: None
 [1998-04-22 09:19 UTC] monti at vesatec dot com
In safe mode, the popen command searches for the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a patch to correct this problem; this patch must be
applied to file functions/file.c (where the php3_popen function
lives)

The patch:

--------------------- CUT HERE -------------------------


309c309,316
< 	b = strrchr(arg1->value.str.val,'/');
---
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}
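
Review bot: In the else branch, `while((*b!='/')&&(b!=c)) b--;` followed by `if(b==c) b=NULL;` cannot tell "no slash before the space" from "the only slash is the first character", so a command such as "/ls dir" is treated as having no path component; checking `*b != '/'` after the loop instead of `b==c` would keep the two cases apart. `c` is assigned here but not declared anywhere in this hunk, so the patch needs a matching `char *c` declaration unless php3_popen already has one. The split also looks only at the first ' ': a tab-separated argument falls back to the old `strrchr` branch, a command with a leading space ends up with `b=NULL`, and nothing after the space is examined in these lines. Since this is the safe-mode path, it is worth confirming that the rest of the string is escaped before it reaches the shell.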

--------------------- CUT HERE -------------------------


 [1998-04-22 10:29 UTC] rasmus
Patch applied.  Thanks.
 