php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10167 potential Bufferoverflow in extensions based on skeleton...
Submitted: 2001-04-04 14:15 UTC Modified: 2001-04-06 11:00 UTC
From: s dot esser at ematters dot de Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0 Latest CVS (04/04/2001) OS: all
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: s dot esser at ematters dot de
New email:
PHP Version: OS:

 

 [2001-04-04 14:15 UTC] s dot esser at ematters dot de
When i was looking through the CVS version of php, i discovered the following piece of code in skeleton.c

---snip---

PHP_FUNCTION(confirm_extname_compiled)
{
        zval **arg;
        int len;
        char string[256];
...
...
...
len = sprintf(string, "Congratulations, you have successfully modified ....
t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));

---snap---

of course the sprintf could be used to perform a standart bufferoverflow. It should be better changed into ... %.50s ... or similiar to do not create a potential vulnerability.

As far as i can see ircg and cybermut sources still have the compile confirmation in them...

ciao,
Stefan Esser

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-06 11:00 UTC] elixer@php.net
Updated in CVS.  Thank you for your report.

Sean
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 17:01:29 2024 UTC