PHP :: Bug #62881 :: posix_getpwnam("") && posix_getgrnam("") didn't return false on Mac OSX 10.8

Bug #62881	posix_getpwnam("") && posix_getgrnam("") didn't return false on Mac OSX 10.8
Submitted:	2012-08-21 16:54 UTC	Modified:	2012-08-22 04:57 UTC
From:	reeze dot xia at gmail dot com	Assigned:
Status:	Wont fix	Package:	POSIX related
PHP Version:	Irrelevant	OS:	Mac OSX 10.8
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	reeze dot xia at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2012-08-21 16:54 UTC] reeze dot xia at gmail dot com

Description:
------------
In Mac OS X 10.8 mountain lion, getpwnam() && getgrnam() didn't return NULL
when empty string supplied. this is a bug of 10.8.0

since uid 0 an gid 0 most belongs to root, this might have security issue.

and this breaks these test cases:
posix_getgrnam(): Basic tests [ext/posix/tests/posix_getgrnam.phpt]
posix_getgrnam(): Basic tests [ext/posix/tests/posix_getgrnam_basic.phpt]
posix_getpwnam(): Basic tests [ext/posix/tests/posix_getpwnam.phpt]
posix_getpwnam(): Basic tests [ext/posix/tests/posix_getpwnam_basic.phpt]

here is reproducible code from: Andreas Fink <afink@list.fink.org>:
#include <sys/types.h>
#include <stdio.h>
#include <pwd.h>
#include <uuid/uuid.h>
#include <stdlib.h>

#define	MAYBE_NULL_STRING(a)	(a ? a : "(NULL)")

extern int errno;

int main(int argc, char *argv[])
{
	errno = 0;
	struct passwd *pwdstruct = getpwnam("");
	printf("errno = %d\n",errno);
	if(pwdstruct == NULL)
	{
		printf("pwdstruct == NULL\n");
		exit(0);
	}

	printf("pw_name: %s\n",MAYBE_NULL_STRING(pwdstruct->pw_name));
	printf("pw_passwd: %s\n",MAYBE_NULL_STRING(pwdstruct->pw_passwd));
	printf("pw_uid: %d\n",pwdstruct->pw_uid);
	printf("pw_gid: %d\n",pwdstruct->pw_gid);
}


produces

$ ./a.out 
errno = 0
pw_name: 
pw_passwd: 
pw_uid: 0
pw_gid: 0


Test script:
---------------
<?php
var_dump(posix_getpwnam(""));
var_dump(posix_getgrnam(""));

Expected result:
----------------
bool(false)
bool(false)

Actual result:
--------------
array(7) {
  ["name"]=>
  string(0) ""
  ["passwd"]=>
  string(0) ""
  ["uid"]=>
  int(0)
  ["gid"]=>
  int(0)
  ["gecos"]=>
  string(0) ""
  ["dir"]=>
  string(0) ""
  ["shell"]=>
  string(0) ""
}
array(4) {
  ["name"]=>
  string(0) ""
  ["passwd"]=>
  string(0) ""
  ["members"]=>
  array(0) {
  }
  ["gid"]=>
  int(0)
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-08-21 17:06 UTC] reeze dot xia at gmail dot com

Hi,
  I'v sent a pull request for this bug:

https://github.com/php/php-src/pull/176


thanks

[2012-08-22 03:02 UTC] laruence@php.net

-Status: Open +Status: Wont fix

[2012-08-22 03:02 UTC] laruence@php.net

same comment copied from the pr:

we don't fix bug doesn't belong to php
Linux man page of posix_getpwnam doesn't specific the situation about empty 
string
Posix functions are buggy in mac os. so, won't fix for this, leave it to apple .
btw:

after a quick google, seems you have file a bug to apple, then file another bug 
to ruby..

and the ruby guy told you the same thing I told.

why you still think it should be fixed in php self?

[2012-08-22 03:18 UTC] aharvey@php.net

To reiterate what I said on GitHub: I think we could put a workaround in just for those OS X versions behind an appropriate #if guard (blank user and group names are valid in at least some POSIX OSes, so we don't want to hardcode the behaviour for posix_getgrnam('')), but it's probably not worth the code clutter in the grand scheme of things.

[2012-08-22 03:43 UTC] laruence@php.net

it's no need:

1. first it's a knew bug of apple, apple will fix that

2. as you said, you can create a group with empty string in ubuntu.

we have no reason to introduce such a temporary fix

[2012-08-22 03:45 UTC] reeze dot xia at gmail dot com

Hi, aharvey
  how did you made it? by a tricky way?. :)

[2012-08-22 03:50 UTC] aharvey@php.net

Yeah, I had to edit /etc/passwd directly to do it, but it's possible, and once created, the account works normally on Linux: http://i.imgur.com/PI3zt.png

[2012-08-22 04:10 UTC] reeze dot xia at gmail dot com

OooK... by hacking /etc/passwd  hmmm. $ useradd didn't allow that.

so technically uid could be -1, etc heh.

anyway, there always trade off, I prefer it get fixed.

[2012-08-22 04:57 UTC] laruence@php.net

you think we should fix this, then after apple fixed their bug, we remove this fix 
then?

[2012-08-22 05:19 UTC] reeze dot xia at gmail dot com

NO, I don't mean that. PHP isn't always running on lastest OS.
It just a conditional workaround for buggy api.

Since there are not that much application running on OSX.
I'm ok if you guys think we didn't fix that.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 18:01:29 2024 UTC