php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77484 Zend engine crashes when calling realpath in invalid working dir
Submitted: 2019-01-18 00:28 UTC Modified: 2019-01-18 20:03 UTC
From: marcospassos dot com at gmail dot com Assigned: ab (profile)
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 7.3.1 OS: Mac OS 10.12.6
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: marcospassos dot com at gmail dot com
New email:
PHP Version: OS:

 

 [2019-01-18 00:28 UTC] marcospassos dot com at gmail dot com 
Description:
------------
Calling realpath in an invalid working directory causes the engine to crash.

Test script:
---------------
https://3v4l.org/jWhgB

Expected result:
----------------
false

Actual result:
--------------
Crash

Patches

add-undeflow-check (last revision 2019-01-18 16:56 UTC by cmb@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-18 00:31 UTC] spam2 at rhsoft dot net 
outside the PHP world this would classify as vulnerability when simple 2-liner crashs a shared server process
 [2019-01-18 11:31 UTC] cmb@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2019-01-18 11:31 UTC] cmb@php.net 
Tentatively marking as sec bug.
 [2019-01-18 16:56 UTC] cmb@php.net 
The following patch has been added/updated:

Patch Name: add-undeflow-check
Revision:   1547830590
URL:        https://bugs.php.net/patch-display.php?bug=77484&patch=add-undeflow-check&revision=1547830590
 [2019-01-18 16:56 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: ab
 [2019-01-18 16:56 UTC] cmb@php.net 
There occurs an unsigned underflow in tsrm_realpath_r()[1]; the
attached patch add-undeflow-check would solve this. Anatol, since
you've refactored tsrm_realpath_r() to size_t, could you please
review the patch?

[1] <https://github.com/php/php-src/blob/php-7.3.1/Zend/zend_virtual_cwd.c#L767>
 [2019-01-18 20:03 UTC] stas@php.net
-Type: Security +Type: Bug
 [2019-01-18 20:03 UTC] stas@php.net 
Not a security issue - requires special condition and explicit user action to trigger.
 [2019-01-18 23:32 UTC] spam2 at rhsoft dot net 
as said: outside the autistic php world it is considered as security bug as EVERY crash bug
 [2019-01-19 01:40 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8b20e7b68bd81ab74423c9f7937699f79401cec4
Log: Fixed bug #77484 Zend engine crashes when calling realpath in invalid working dir
 [2019-01-19 01:40 UTC] ab@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 02:01:28 2024 UTC