|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11364 ob_start overflow ?
Submitted: 2001-06-08 14:37 UTC Modified: 2001-06-08 15:20 UTC
From: sebastien dot blon at nfrance dot com Assigned:
Status: Closed Package: Output Control
PHP Version: 4.0.4pl1 OS: OpenBSD 2.7
Private report: No CVE-ID: None
 [2001-06-08 14:37 UTC] sebastien dot blon at nfrance dot com
Our apache server crashed several times. We found out that before
each crash, the error_log file grows up to 2 GBytes, containing the HTML code from  one page of a particular site (always the same page).

We checked this page and found that it was using ob_start() function.
After the desactivation of this function in php.ini, the server does not crash
any more.

We think there is perhaps a potential security hole in this function because
if datas can be writen into error_log , they might be written anywhere else.

Let us know about it


S?bastien BLON


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-08 15:20 UTC]
This should be fixed in PHP 4.0.5. But please try the
soon to be released 4.0.6 release candidate 3:


PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon May 27 23:01:30 2024 UTC