Bug #34579 sqlite_open seg faults if "getcwd" fails
Submitted: 2005-09-21 13:42 UTC
Modified: 2005-09-21 13:48 UTC
From: secpelle at ee dot oulu dot fi
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.0.5
OS: Solaris
Private report: No
CVE-ID: None
 [2005-09-21 13:42 UTC] secpelle at ee dot oulu dot fi
Description:
------------
sqlite crashes php if "getcwd" fails due to restrictive permissions in parent directories. For cli this is an annoyance; for the php module in apache this is a local DoS.

null ptr dereference in sqliteOsFullPathname()

Reproduce code:
---------------
% mkdir -p test/test
% cd test/test
% echo '<?sqlite_open("a.db");?>' | php
# all ok
% chmod 111 ..
% pwd
pwd: cannot determine current directory!
% echo '<?sqlite_open("b.db");?>' | php
Segmentation fault (core dumped)


Expected result:
----------------
no crash

Actual result:
--------------
=>[1] strlen(0x0, 0x0, 0xffbf9f60, 0x7efefeff, 0x81010100, 0x0), at 0xef8b44e4 
  [2] sqliteSetString(0xffbfdf3c, 0x0, 0x3f9268, 0x539ca0, 0x0, 0x0), at 0x1fa914 
  [3] sqliteOsFullPathname(0x539ca0, 0x0, 0x0, 0x62, 0x0, 0x3f9000), at 0x1eb3cc 
  [4] sqlitepager_open(0x51a854, 0x539ca0, 0x7d0, 0x118, 0x1, 0x46bc00), at 0x1ec3d0 
  [5] sqliteBtreeOpen(0x539ca0, 0x0, 0x7d0, 0x539cc4, 0x1, 0x51a850), at 0x1d2100 
  [6] sqlite_open(0x539ca0, 0x539cb8, 0xffbfe1d4, 0x539d28, 0x2, 0x539cc4), at 0x1e8fc4 
  [7] zif_sqlite_open(0x539ca0, 0x539c58, 0x0, 0x0, 0x480ce4, 0x1b6), at 0x1c421c 
  [8] zend_do_fcall_common_helper(0x52bd80, 0x538480, 0x1, 0x498bf0, 0xffbfe2ec, 0x538490), at 0x39d83c 
  [9] execute(0x534220, 0xffffffff, 0x39de10, 0xffbfe2ec, 0x4, 0x498c18), at 0x398964 
  [10] zend_execute_scripts(0x8, 0x0, 0xffbfe9c8, 0x416610, 0x416778, 0x2), at 0x35beb4 
  [11] php_execute_script(0xffbfe9c8, 0xffbfe910, 0x0, 0x49ae28, 0x0, 0x49ae38), at 0x2ecdfc 
  [12] main(0x0, 0x1, 0xffffffff, 0x4940d8, 0x0, 0x41c000), at 0x3a58a4 
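
The failure mode in this report, as an added example (not code from the report, PHP or SQLite): a path-resolution helper that checks the return value of getcwd before using it, so an undeterminable working directory becomes an ordinary open error rather than a NULL passed to strlen. The names `full_pathname`, `cwd_fn` and `cwd_denied` are hypothetical, and the failing getcwd is a constructed stand-in that returns NULL with EACCES.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same signature as getcwd(3), so a failing stand-in can be injected. */
typedef char *(*cwd_fn)(char *buf, size_t size);

/* Constructed stand-in: fails the way getcwd does when a parent directory
 * is not readable (the report's "chmod 111 .." case). */
static char *cwd_denied(char *buf, size_t size) {
    (void)buf; (void)size;
    errno = EACCES;
    return NULL;
}

/* Hypothetical helper, not SQLite's code: build an absolute path for rel.
 * Returns a malloc'd string, or NULL with errno set when the working
 * directory cannot be determined or allocation fails. */
static char *full_pathname(const char *rel, cwd_fn get_cwd) {
    char cwd[4096] = "";
    const char *sep = "";
    char *out;
    size_t n;

    if (rel == NULL || rel[0] == '\0') { errno = EINVAL; return NULL; }
    if (rel[0] != '/') {
        /* Without this check a NULL reaches strlen(), as in the trace. */
        if (get_cwd(cwd, sizeof cwd) == NULL) return NULL;
        sep = "/";
    }
    n = strlen(cwd) + strlen(sep) + strlen(rel) + 1;
    out = malloc(n);
    if (out != NULL) snprintf(out, n, "%s%s%s", cwd, sep, rel);
    return out;
}

int main(void) {
    char *ok = full_pathname("a.db", getcwd);      /* normal case */
    char *bad = full_pathname("b.db", cwd_denied); /* simulated failure */
    int err = errno;                               /* save before printf */
    printf("a.db -> %s\n", ok ? ok : "(unresolved)");
    if (bad == NULL) printf("b.db -> open refused: %s\n", strerror(err));
    free(ok);
    free(bad);
    return 0;
}
```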


 [2005-09-21 13:48 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce.
 [2005-09-21 13:48 UTC] wez@php.net
Please report this to the SQLite guys (http://www.sqlite.org/cvstrac/tktnew); it is not a PHP bug.  Once they've resolved the issue, you can rebuild PHP against the fixed version of libsqlite.

We will upgrade our bundled version when a fix becomes available, ready for our next release.

Thanks for reporting this!
Last updated: Mon Apr 29 08:01:29 2024 UTC