Bug #16811 Crash in shell_exec when popen fails (fix included)
Submitted: 2002-04-24 19:36 UTC Modified: 2002-04-25 10:04 UTC
From: swbrown at ucsd dot edu Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.2.0 OS: any
Private report: No CVE-ID: None
 [2002-04-24 19:36 UTC] swbrown at ucsd dot edu
(This web form will probably eat the diff, so you can also get it here: http://www.cs.ucsd.edu/~sbrown/php-shell_exec-fix.diff)

If PHP is resource-starved and can't popen, the shell_exec function detects the error but forgets to return, resulting in a NULL (FILE *) being passed to fread on line 466 of exec.c (PHP 4.2.0) which causes a crash.  This patch adds the missing RETURN_FALSE.

Steven Brown <swbrown@ucsd.edu>


--- php-4.2.0/ext/standard/exec.c	Tue Dec 11 07:30:29 2001
+++ php-4.2.0-fixed/ext/standard/exec.c	Wed Apr 24 15:39:56 2002
@@ -459,6 +459,7 @@
 	if ((in=VCWD_POPEN(Z_STRVAL_PP(cmd), "r"))==NULL) {
 #endif
 		php_error(E_WARNING, "Unable to execute '%s'", Z_STRVAL_PP(cmd));
+		RETURN_FALSE;
 	}
 	allocated_space = EXEC_INPUT_BUF;
 	ret = (char *) emalloc(allocated_space);
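Review bot: the new `RETURN_FALSE;` in the popen-failure branch gives shell_exec a FALSE return it did not have before, so the function's documentation should say that callers get FALSE (plus the E_WARNING) when the command cannot be started, and should test for it rather than treating the result as output. The placement is right: it sits before `emalloc(allocated_space)`, so nothing allocated in the visible lines is left unreleased by the early return. The `#endif` just above shows the `if` condition has a second form under a preprocessor branch. Both forms share this body, but it is worth building each configuration to confirm, and checking the other popen call sites in exec.c for the same warn-but-continue pattern.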

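The failure mode described in the report, as an added stand-alone C example (not code from PHP or from the reporter): a helper that captures a command's output and returns early when the stream cannot be opened. All names are hypothetical, and the opener is injectable so the resource-starved case can be simulated.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types: injectable open/close so the failure path is testable. */
typedef FILE *(*opener_fn)(const char *cmd, const char *mode);
typedef int (*closer_fn)(FILE *fp);

/* Test double: behaves like popen() when process or pipe resources run out. */
static FILE *failing_popen(const char *cmd, const char *mode) {
    (void)cmd; (void)mode;
    return NULL;
}

/* Returns a malloc'd, NUL-terminated copy of the command's output,
 * or NULL if the stream could not be opened or memory ran out. */
static char *capture_output(const char *cmd, opener_fn open_cmd, closer_fn close_cmd) {
    FILE *in = open_cmd(cmd, "r");
    if (in == NULL) {
        fprintf(stderr, "Unable to execute '%s'\n", cmd);
        return NULL;   /* without this return, fread() below would get NULL */
    }
    size_t cap = 64, len = 0, n;
    char *buf = malloc(cap);
    /* Always leave one byte free for the terminator. */
    while (buf != NULL && (n = fread(buf + len, 1, cap - len - 1, in)) > 0) {
        len += n;
        if (len + 1 == cap) {          /* buffer full: double it */
            cap *= 2;
            char *grown = realloc(buf, cap);
            if (grown == NULL) free(buf);
            buf = grown;               /* NULL here ends the loop */
        }
    }
    close_cmd(in);                     /* reached only with a valid stream */
    if (buf != NULL) buf[len] = '\0';
    return buf;
}

int main(void) {
    char *out = capture_output("echo hello", popen, pclose);
    printf("real popen: %s", out ? out : "(failed)\n");
    free(out);
    out = capture_output("echo hello", failing_popen, pclose);
    printf("failed popen returned %s\n", out ? "data" : "NULL");
    free(out);
    return 0;
}
```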
 [2002-04-25 02:45 UTC] derick@php.net
This bug has been fixed in CVS.


 [2002-04-25 10:04 UTC] sniper@php.net
And the fix will be in PHP 4.2.1

 