php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25174 Wrong handling of readlink() in OS/Guess.php
Submitted: 2003-08-20 06:55 UTC Modified: 2003-10-24 01:35 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: mk362 at mch dot osram dot de Assigned: cellog (profile)
Status: Closed Package: PEAR related
PHP Version: 4.3.2 OS: SuSE Linux 8.2, 7.3, 7.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mk362 at mch dot osram dot de
New email:
PHP Version: OS:

 

 [2003-08-20 06:55 UTC] mk362 at mch dot osram dot de
Description:
------------
Hi,

during upgrade of PEAR I noticed the following on my SuSE Linux 7.3:
---
 Release Warnings
 ================
 w

 w
 downloading PEAR-1.2.tgz ...
 ...done: 83,109 bytes

 Warning: readlink() [http://www.php.net/function.readlink]: Invalid
 argument in Guess.php on line 181
 upgrade-all ok: PEAR 1.2
---
This didn't happen in SuSE 8.2, but I think just because the program didn't come to that point.

Looking into the code revealed that there is a readlink() call without error checking in line 181:

---
 if (ereg('^libc-([.*])\.so$', 
                basename(readlink('/lib/libc.so.6')),
---

and in case libc.so.6 is a regular file this will return FALSE instead of a string for basename() for both versions of my Linux.

I guess one should implement proper error checking here. Possibly this was never tested anyway, because most systems might already circumvent the problem by getting $major and $minor a step earlier via the call of "/usr/bin/cpp".

Marko

Reproduce code:
---------------
<?php
error_reporting(0);
require_once('OS/Guess.php');

if(readlink('/lib/libc.so.6') == FALSE) 
   echo "Readlink call on /lib/libc.so.6 failed\n";
?>

Actual result:
--------------
Content-type: text/html
X-Powered-By: PHP/4.3.1

Readlink call on /lib/libc.so.6 failed


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-24 10:13 UTC] nohn@php.net
verified on suse 7.2, php 4.3.2

downloading PEAR-1.2.1.tgz ...
...done: 83,126 bytes

Notice: Undefined offset:  1 in Guess.php on line 173

Warning: readlink(): Invalid argument in Guess.php on line 181
upgrade-all ok: PEAR 1.2.1
 [2003-08-24 12:16 UTC] cellog@php.net
I don't have SuSE linux.  nohn,do you have enough knowhow to provide a patch for this?  I can't be sure that anything I would do fixes this.  If not, just assign it back to me.

I can commit a patch you provide.

Greg
 [2003-08-24 12:38 UTC] nohn@php.net
Hmmm... After upgrading to PEAR 1.2.1 by hand everything works fine. So this already seems to be closed.

Verified this on another SuSE-Machine (SuSE 7.3)
 [2003-08-28 04:23 UTC] mk362 at mch dot osram dot de
Hi Nohn,

did you do the test case from the "reproduce code" section? 

Even with an upgraded PEAR you will produce this error, since that code wasn't changed at all.

Marko
 [2003-08-28 04:25 UTC] mk362 at mch dot osram dot de
Status is still OPEN.
Marko
 [2003-09-01 09:34 UTC] mk362 at mch dot osram dot de
Hi, 

since there's no response up to now, I'd recommend to modify Guess.php:line 179 from
---
if (!($major && $minor) && file_exists('/lib/libc.so.6')) 
---
to
---
if (!($major && $minor) && is_link('/lib/libc.so.6')) 
---
to prevent that the program creates problems in case the lib is not symbolically linked.

Marko
 [2003-10-24 01:35 UTC] cellog@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

finally applied Marko's fix.

Greg
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jul 26 02:01:23 2021 UTC