PHP :: Sec Bug #68598 :: pcntl_exec() should not allow null char

Sec Bug #68598	pcntl_exec() should not allow null char
Submitted:	2014-12-12 22:51 UTC	Modified:	2015-05-19 11:22 UTC
From:	yohgaki@php.net	Assigned:	yohgaki (profile)
Status:	Closed	Package:	PCNTL related
PHP Version:	Irrelevant	OS:	ANY
Private report:	No	CVE-ID:	2015-4026

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	yohgaki@php.net
New email:
PHP Version:		OS:

New Comment:

[2014-12-12 22:51 UTC] yohgaki@php.net

Description:
------------
pcnt_exec() does not check path validity. It should not allow NULL char, just like other file related functions.

I think exec() should not allow NULL char, too.

I'll prepare the patch.
Any comments?


Test script:
---------------
<?php
$path = "/bin/rm\0/usr/local/bin/my_special_program";
$opts = array('my_important_file');
if (!mb_ereg('my_special_program\z', $path)) {
   die('Go away');
}

pcntl_exec($path, $opts);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-12-29 01:30 UTC] yohgaki@php.net

-Summary: pcntl_exec() should allow null char +Summary: pcntl_exec() should not allow null char

[2015-05-15 09:43 UTC] yohgaki@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: yohgaki

[2015-05-15 09:43 UTC] yohgaki@php.net

fixed in PHP 5.4.41/5.5.25/5.6.9

[2015-05-19 05:34 UTC] laruence@php.net

-CVE-ID: +CVE-ID: 2015-402

[2015-05-19 11:22 UTC] kaplan@php.net

-CVE-ID: 2015-402 +CVE-ID: 2015-4026

[2018-03-01 22:00 UTC] cmb@php.net

Related To: Bug #76035

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC