|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #300 popen, when in safe mode, fails if you use a command with parameters
Submitted: 1998-04-22 09:19 UTC Modified: 1998-04-22 10:29 UTC
From: monti at vesatec dot com Assigned: rasmus (profile)
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 4 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
7 + 24 = ?
Subscribe to this entry?

 [1998-04-22 09:19 UTC] monti at vesatec dot com
If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
  $fp=popen("ls dir/dir2","r")

it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.

I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function

The patch:

--------------------- CUT HERE -------------------------

< 	b = strrchr(arg1->value.str.val,'/');
> 	b = strchr(arg1->value.str.val,' ');
> 	if(!b) {
> 		b = strrchr(arg1->value.str.val,'/');
> 	} else {
> 		c = arg1->value.str.val;
> 		while((*b!='/')&&(b!=c)) b--;
> 		if(b==c) b=NULL;
> 	}

--------------------- CUT HERE -------------------------


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [1998-04-22 10:29 UTC] rasmus
Patch applied.  Thanks.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Jun 06 23:03:36 2023 UTC