Bug #40746 PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow
Submitted: 2007-03-07 09:45 UTC Modified: 2008-07-11 21:23 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: youza at post dot cz Assigned: fmk (profile)
Status: Wont fix Package: MSSQL related
PHP Version: 4.4.6 OS: Windows
Private report: No CVE-ID: None
 [2007-03-07 09:45 UTC] youza at post dot cz
Description:
------------
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass


Reproduce code:
---------------
See
http://www.securityfocus.com/archive/1/462010/30/0/threaded
or
original url: http://retrogod.altervista.org/php_446_mssql_connect_bof.html


 [2007-03-07 17:37 UTC] fmk@php.net
This is a problem with the dbopen() function in Microsoft's ntdblib library, and not a problem within the PHP extension.

I'll add some length checks to the host parameter for mssql_connect() and mssql_pconnect() to prevent this from happening.

The problem does not exist in php_dblib.dll (the same extension compiled with FreeTDS version of the dblib library).

 [2008-07-11 21:23 UTC] jani@php.net
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.


 