|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10167 potential Bufferoverflow in extensions based on skeleton...
Submitted: 2001-04-04 14:15 UTC Modified: 2001-04-06 11:00 UTC
From: s dot esser at ematters dot de Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0 Latest CVS (04/04/2001) OS: all
Private report: No CVE-ID: None
 [2001-04-04 14:15 UTC] s dot esser at ematters dot de
When i was looking through the CVS version of php, i discovered the following piece of code in skeleton.c


        zval **arg;
        int len;
        char string[256];
len = sprintf(string, "Congratulations, you have successfully modified ....
t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));


of course the sprintf could be used to perform a standart bufferoverflow. It should be better changed into ... %.50s ... or similiar to do not create a potential vulnerability.

As far as i can see ircg and cybermut sources still have the compile confirmation in them...

Stefan Esser


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-06 11:00 UTC]
Updated in CVS.  Thank you for your report.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Sep 28 20:01:24 2023 UTC