php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33329 big leak with readdir
Submitted: 2005-06-14 02:27 UTC Modified: 2005-06-14 02:47 UTC
From: jbriscoe at gmail dot com Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 5.0.3 OS: windows - all
Private report: No CVE-ID: None
 [2005-06-14 02:27 UTC] jbriscoe at gmail dot com
Description:
------------
I couldnt find anyone who has reported this before, but
there is a big leak with the readdir function.
I was playing with the code and found that you can use is to read the root directory, or any dir for that matter, 
that is a security risk!!!!!!

here is the code -

Hope this helps fix the problem.

Reproduce code:
---------------
function GetDirContents($dir){
   ini_set("max_execution_time",10);
   if (!is_dir($dir)){die ("OOps");}
   if ($root=@opendir($dir)){
       while ($file=readdir($root)){
           if($file=="." || $file==".."){continue;}
       
         
           $files[]=$dir.$file;
           for($x=0; $x<sizeof($files);$x++)
           print $files[$x]<br>";
       }
   }
   return $files;
}


Expected result:
----------------
It will print all of the directories and files
depending on the input.(even the root!!!)

Actual result:
--------------
It will print all of the directories and files
depending on the input.(even the root!!!)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-06-14 02:47 UTC] iliaa@php.net
Wow, you've read the manual, bravo!
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Dec 04 19:01:23 2020 UTC