PHP :: Bug #14046 :: segfaults due to curlopt not checking file handles are valid

Bug #14046	segfaults due to curlopt not checking file handles are valid
Submitted:	2001-11-13 21:20 UTC	Modified:	2001-11-20 05:59 UTC
From:	alan_k at hklc dot com	Assigned:	sterling (profile)
Status:	Closed	Package:	cURL related
PHP Version:	4.0CVS-2001-11-13	OS:	debian linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	alan_k at hklc dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-11-13 21:20 UTC] alan_k at hklc dot com

curlopt does not check that file handles are valid - so if you send it a string for CURL_INFILE it will segfault.

patch below
Index: curl.c
===================================================================
RCS file: /repository/php4/ext/curl/curl.c,v
retrieving revision 1.97
diff -u -r1.97 curl.c
--- curl.c      13 Nov 2001 11:47:52 -0000      1.97
+++ curl.c      14 Nov 2001 02:16:47 -0000
@@ -706,8 +706,13 @@
        case CURLOPT_INFILE: 
        case CURLOPT_WRITEHEADER:
        case CURLOPT_STDERR: {
-               FILE *fp;
+               FILE *fp=NULL;
                ZEND_FETCH_RESOURCE(fp, FILE *, zvalue, -1, "File-Handle", php_file_le_fopen());
+                if (!fp) {
+                       php_error(E_WARNING,    "You must pass a file handle with the CURLOPT_FILE,"
+                                         "CURLOPT_INFILE, CURLOPT_WRITEHEADER and CURLOPT_STDERR arguments");
+                       RETURN_FALSE;
+               }
 
                error = CURLE_OK;
                switch (option) {

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-14 02:25 UTC] derick@php.net

Assigned this to you sterling, cause you're the cURL master here.

Derick

[2001-11-20 05:59 UTC] sterling@php.net

RETURN_FALSE; is enough, since ZEND_FETCH_RESOURCE() will complain with an E_WARNING... Will modify source, in next commit with POSTFIELDS commit...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 01:01:28 2024 UTC