PHP :: Bug #7822 :: system crash

Bug #7822	system crash
Submitted:	2000-11-14 19:06 UTC	Modified:	2001-05-10 10:14 UTC
From:	wuxinan at 263 dot net	Assigned:
Status:	Closed	Package:	Apache related
PHP Version:	4.0.4	OS:	Windows 98
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	wuxinan at 263 dot net
New email:
PHP Version:		OS:

New Comment:

[2000-11-14 19:06 UTC] wuxinan at 263 dot net

I config PHP for Apache 1.3.14 for Win32 as almost all people do: in apache configuation file:

ScriptAlias /php/ "C:/Program Files/PHP/"
<Directory "C:/Program Files/PHP/">
    AllowOverride None
    Options None
</Directory>
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe"

All the things go well and apache is able to process .php files. However, I type: http://localhost/php/php.exe, then my system crashes... Windows says that php.exe: program error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-01-06 02:29 UTC] cynic@php.net

does this problem exist in PHP 4.0.4

[2001-01-08 02:32 UTC] wuxinan at 263 dot net

In 4.0.4, This bug still exists.

(Win32, php.ini) Conditions for this bug:
safe_mode=Off
doc_root=; the root of the php pages, used only if nonempty
(doc_root is empty)

In such configured PHP, system will crash if I type the URL:
http://localhost/php/php.exe
(Note: no "/" at the end of the URL)

I may consult the source code if I have time later.

[2001-01-12 10:26 UTC] cynic@php.net

indeed. a temporary workaround, if I may:

<LocationMatch "/php/php(\.exe)?">
	deny from all
</LocationMatch>

This at least denies direct access to the executable, and thus gets you rid of the crashes.

[2001-01-12 12:27 UTC] wuxinan at 263 dot net

cynic: This is a Great Idea!

[2001-05-04 03:41 UTC] wuxinan at 263 dot net

Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98
this problem still exists.

Default setting will make system crash in Windows 98 if accessing something like

http://localhost/php/php.exe

I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.).

[2001-05-07 12:35 UTC] sbergmann@php.net

I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that?

[2001-05-07 12:52 UTC] cynic@php.net

I guess the point is to prevent malicious users from crashing the server.

[2001-05-09 11:22 UTC] sniper@php.net

System security bugs are quite critical.
This has to be addressed before 4.0.6

--Jani

[2001-05-10 10:14 UTC] zeev@php.net

Fixed in the CVS.  Thanks for the report!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC