PHP :: Bug #33784 :: NUL allowed in file paths

Bug #33784	NUL allowed in file paths
Submitted:	2005-07-20 12:20 UTC	Modified:	2005-07-20 12:24 UTC
From:	pornel at despammed dot com	Assigned:
Status:	Not a bug	Package:	*Directory/Filesystem functions
PHP Version:	5CVS-2005-07-20 (dev)	OS:	All? Win32 tested
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pornel at despammed dot com
New email:
PHP Version:		OS:

New Comment:

[2005-07-20 12:20 UTC] pornel at despammed dot com

Description:
------------
NUL character (C string terminator) is allowed in file paths passed to OS functions, which causes unexpected truncation of string.

This is a security risk for popular, sloppy code like:
 include($_GET['page'].'.i-feel-safe.php');
because ?page=/etc/passwd%00 circumvents such "protection".

IMHO PHP should throw an error if PHP string can't be safely converted to C string.


Reproduce code:
---------------
<?php
fopen(urldecode("test%00.html"),"r");

Expected result:
----------------
Error: illegal path

Actual result:
--------------
Warning: fopen(test) [function.fopen]: failed to open stream: No such file or directory in c:\www\test.php5 on line 2

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-20 12:24 UTC] tony2001@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

You should do all the required checks yourself.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 03:01:28 2024 UTC