Bug #75077 syslog messages need to be checked for conformance with RFC-3164 and RFC-5424
Submitted: 2017-08-15 20:47 UTC Modified: 2021-07-30 10:55 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: philipp at redfish-solutions dot com Assigned: cmb (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 7.1.8 OS: linux 4.9.40
Private report: No CVE-ID: None
 [2017-08-15 20:47 UTC] philipp at redfish-solutions dot com
Description:
------------
This issue came up in the discussions for bz #74860.

Basically, the only type of message explicitly and unequivocally allowed by the Syslog RFCs is NVT ASCII (i.e. hex characters 0x20-0x7E).

UTF-8 may be used in compressed (shortest form) but it must be prefixed with a BOM (0xEF,0xBB,0xBF).

Also, see the discussion for PR #2674.



Test script:
---------------
<?php

ini_set("error_log", "syslog");

error_log("h\364pital stra\337e", 0);

error_log("this string \321\032\003", 0);

?>


Expected result:
----------------
It's not obvious what the correct behavior is in legacy cases which violate the RFCs.



Actual result:
--------------
Aug 15 14:43:07 ubuntu16 php7.0: h?pital stra?e
Aug 15 14:43:07 ubuntu16 php7.0: this string ?#032#003


 [2017-08-16 19:16 UTC] philipp at redfish-solutions dot com
The more I think about this, the less I think it should be a security bug since there's nothing specific to PHP that makes it the vulnerability.  Can we please change this to "BUG" instead?
 [2017-08-19 04:35 UTC] stas@php.net
-Type: Security +Type: Bug -Package: Output Control +Package: Unknown/Other Function
 [2021-07-30 10:52 UTC] cmb@php.net
-Status: Open +Status: Closed -Package: Unknown/Other Function +Package: *Network Functions -Assigned To: +Assigned To: cmb
 [2021-07-30 10:52 UTC] cmb@php.net
As of PHP 7.3.0, you can set syslog.filter=ascii[1] which escapes
all non-printable ASCII characters.  It seems to me that is
sufficient to comply with these RFCs.

[1] <https://www.php.net/manual/en/errorfunc.configuration.php#ini.syslog.filter>
 [2021-07-30 10:55 UTC] cmb@php.net
-Package: *Network Functions +Package: Unknown/Other Function
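
The conformance rules from the report (printable ASCII 0x20-0x7E, or shortest-form UTF-8 behind a BOM) written as a check, together with an escaper in the spirit of the syslog.filter=ascii setting mentioned in the last comment. This is an added example, not code from PHP or from the commenters; the function names, the category labels and the \xNN escape format are assumptions, and the last three sample strings are constructed.

```php
<?php
// Added example. Names, labels and the \xNN escape format are assumptions.

const UTF8_BOM = "\xEF\xBB\xBF";

// Classify a message body against the rules quoted in the report.
function classify_syslog_msg(string $msg): string
{
    // Only bytes 0x20-0x7E: the form the report calls unequivocally allowed.
    if (preg_match('/\A[\x20-\x7E]*\z/', $msg) === 1) {
        return 'ascii';
    }
    $hasBom = strncmp($msg, UTF8_BOM, 3) === 0;
    $body   = $hasBom ? substr($msg, 3) : $msg;
    // PCRE's /u mode rejects malformed and overlong (non-shortest-form) UTF-8.
    $validUtf8 = preg_match('//u', $body) === 1;
    // This example's own stricter choice: control bytes also fail the check.
    $hasCtrl = preg_match('/[\x00-\x1F\x7F]/', $body) === 1;
    if ($validUtf8 && !$hasCtrl) {
        return $hasBom ? 'utf8-with-bom' : 'utf8-missing-bom';
    }
    return 'non-conforming';
}

// Reduce any byte string to printable ASCII before it reaches syslog().
// The backslash (0x5C) is escaped too, so the output stays unambiguous
// and a message cannot forge an escape sequence of its own.
function escape_to_printable_ascii(string $msg): string
{
    return preg_replace_callback(
        '/[^\x20-\x5B\x5D-\x7E]/',
        static function (array $m): string {
            return sprintf('\\x%02x', ord($m[0]));
        },
        $msg
    );
}

$samples = [
    "h\364pital stra\337e",       // from the test script (Latin-1 bytes)
    "this string \321\032\003",   // from the test script
    "h\u{F4}pital stra\u{DF}e",   // constructed: valid UTF-8, no BOM
    UTF8_BOM . "h\u{F4}pital",    // constructed: valid UTF-8 with BOM
    "plain message",              // constructed: printable ASCII only
];
foreach ($samples as $s) {
    printf("%-17s %s\n", classify_syslog_msg($s), escape_to_printable_ascii($s));
}
```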
 