php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10167 potential Bufferoverflow in extensions based on skeleton...
Submitted: 2001-04-04 14:15 UTC Modified: 2001-04-06 11:00 UTC
From: s dot esser at ematters dot de Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0 Latest CVS (04/04/2001) OS: all
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: s dot esser at ematters dot de
New email:
PHP Version: OS:

 

 [2001-04-04 14:15 UTC] s dot esser at ematters dot de
When i was looking through the CVS version of php, i discovered the following piece of code in skeleton.c

---snip---

PHP_FUNCTION(confirm_extname_compiled)
{
        zval **arg;
        int len;
        char string[256];
...
...
...
len = sprintf(string, "Congratulations, you have successfully modified ....
t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));

---snap---

of course the sprintf could be used to perform a standart bufferoverflow. It should be better changed into ... %.50s ... or similiar to do not create a potential vulnerability.

As far as i can see ircg and cybermut sources still have the compile confirmation in them...

ciao,
Stefan Esser

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-06 11:00 UTC] elixer@php.net
Updated in CVS.  Thank you for your report.

Sean
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Nov 13 06:01:32 2024 UTC