php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #34579 sqlite_open seg faults if "getcwd" fails
Submitted: 2005-09-21 13:42 UTC Modified: 2005-09-21 13:48 UTC
From: secpelle at ee dot oulu dot fi Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.0.5 OS: Solaris
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: secpelle at ee dot oulu dot fi
New email:
PHP Version: OS:

 

 [2005-09-21 13:42 UTC] secpelle at ee dot oulu dot fi 
Description:
------------
sqlite crashes php if "getcwd" fails due to restrictive permission in parent directories, for cli this is an annoyance, for php module in apache this is a local DoS

null ptr dereference in sqliteOsFullPathname()

Reproduce code:
---------------
% mkdir -p test/test
% cd test/test
% echo '<?sqlite_open("a.db");?>' | php
# all ok
chmod 111 ..
% pwd
pwd: cannot determine current directory!
% echo '<?sqlite_open("b.db");?>' | php
Segmentation fault (core dumped)


Expected result:
----------------
no crash

Actual result:
--------------
=>[1] strlen(0x0, 0x0, 0xffbf9f60, 0x7efefeff, 0x81010100, 0x0), at 0xef8b44e4 
  [2] sqliteSetString(0xffbfdf3c, 0x0, 0x3f9268, 0x539ca0, 0x0, 0x0), at 0x1fa914 
  [3] sqliteOsFullPathname(0x539ca0, 0x0, 0x0, 0x62, 0x0, 0x3f9000), at 0x1eb3cc 
  [4] sqlitepager_open(0x51a854, 0x539ca0, 0x7d0, 0x118, 0x1, 0x46bc00), at 0x1ec3d0 
  [5] sqliteBtreeOpen(0x539ca0, 0x0, 0x7d0, 0x539cc4, 0x1, 0x51a850), at 0x1d2100 
  [6] sqlite_open(0x539ca0, 0x539cb8, 0xffbfe1d4, 0x539d28, 0x2, 0x539cc4), at 0x1e8fc4 
  [7] zif_sqlite_open(0x539ca0, 0x539c58, 0x0, 0x0, 0x480ce4, 0x1b6), at 0x1c421c 
  [8] zend_do_fcall_common_helper(0x52bd80, 0x538480, 0x1, 0x498bf0, 0xffbfe2ec, 0x538490), at 0x39d83c 
  [9] execute(0x534220, 0xffffffff, 0x39de10, 0xffbfe2ec, 0x4, 0x498c18), at 0x398964 
  [10] zend_execute_scripts(0x8, 0x0, 0xffbfe9c8, 0x416610, 0x416778, 0x2), at 0x35beb4 
  [11] php_execute_script(0xffbfe9c8, 0xffbfe910, 0x0, 0x49ae28, 0x0, 0x49ae38), at 0x2ecdfc 
  [12] main(0x0, 0x1, 0xffffffff, 0x4940d8, 0x0, 0x41c000), at 0x3a58a4

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-21 13:48 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce.
 [2005-09-21 13:48 UTC] wez@php.net 
Please report this to the SQLite guys (http://www.sqlite.org/cvstrac/tktnew); it is not a PHP bug.  Once they've resolved the issue, you can rebuild PHP against the fixed version of libsqlite.

We will upgrade our bundled version when a fix becomes available, ready for our next release.

Thanks for reporting this!
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Dec 02 17:00:01 2025 UTC