PHP :: Bug #45151 :: Crash with URI/file..php (filename contains 2 dots)

Bug #45151	Crash with URI/file..php (filename contains 2 dots)
Submitted:	2008-06-02 19:20 UTC	Modified:	2008-07-15 13:39 UTC
From:	giedrius at su dot lt	Assigned:	dmitry (profile)
Status:	Closed	Package:	CGI/CLI related
PHP Version:	5.2.6	OS:	Linux 2.6
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	giedrius at su dot lt
New email:
PHP Version:		OS:

New Comment:

[2008-06-02 19:20 UTC] giedrius at su dot lt

Description:
------------
PHP SEGfaults when opening file..php
PHP(FastCGI SAPI) is invoked via suphp
running php-cgi binary manually does NOT trigger segfault

For the moment managed to fix this by replacing ".." directory 
protection to "../"


Expected result:
----------------
parse the file

Actual result:
--------------
segfaults

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-06-02 19:22 UTC] giedrius at su dot lt

Fixed by replacing ".." to "../" in sapi/cgi/cgi_main.c
for directory protection in url

[2008-07-11 16:27 UTC] jani@php.net

Dmitry, can you check this out please?

[2008-07-15 13:39 UTC] dmitry@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC