php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #300 popen, when in safe mode, fails if you use a command with parameters
Submitted: 1998-04-22 09:19 UTC Modified: 1998-04-22 10:29 UTC
From: monti at vesatec dot com Assigned: rasmus (profile)
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 4 OS: Linux
Private report: No CVE-ID: None
 [1998-04-22 09:19 UTC] monti at vesatec dot com
If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function
lives)

The patch:

--------------------- CUT HERE -------------------------


309c309,316
< 	b = strrchr(arg1->value.str.val,'/');
---
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}

--------------------- CUT HERE -------------------------


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1998-04-22 10:29 UTC] rasmus
Patch applied.  Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 10 00:01:27 2024 UTC