|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #300 popen, when in safe mode, fails if you use a command with parameters
Submitted: 1998-04-22 09:19 UTC Modified: 1998-04-22 10:29 UTC
From: monti at vesatec dot com Assigned: rasmus (profile)
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 4 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: monti at vesatec dot com
New email:
PHP Version: OS:


 [1998-04-22 09:19 UTC] monti at vesatec dot com
If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function

The patch:

--------------------- CUT HERE -------------------------

< 	b = strrchr(arg1->value.str.val,'/');
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}

--------------------- CUT HERE -------------------------


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [1998-04-22 10:29 UTC] rasmus
Patch applied.  Thanks.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 10:01:32 2024 UTC