PHP :: Bug #11364 :: ob_start overflow ?

Bug #11364	ob_start overflow ?
Submitted:	2001-06-08 14:37 UTC	Modified:	2001-06-08 15:20 UTC
From:	sebastien dot blon at nfrance dot com	Assigned:
Status:	Closed	Package:	Output Control
PHP Version:	4.0.4pl1	OS:	OpenBSD 2.7
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-06-08 14:37 UTC] sebastien dot blon at nfrance dot com

Our apache server crashed several times. We found out that before
each crash, the error_log file grows up to 2 GBytes, containing the HTML code from  one page of a particular site (always the same page).

We checked this page and found that it was using ob_start() function.
After the desactivation of this function in php.ini, the server does not crash
any more.

We think there is perhaps a potential security hole in this function because
if datas can be writen into error_log , they might be written anywhere else.

Let us know about it

Regards,

S?bastien BLON

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-06-08 15:20 UTC] sniper@php.net

This should be fixed in PHP 4.0.5. But please try the
soon to be released 4.0.6 release candidate 3:

http://www.php.net/~andi/php-4.0.6RC3.tar.gz


--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 06:01:28 2024 UTC