php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46399 cgi 'leaks' shell_exec output to webserver
Submitted: 2008-10-27 01:17 UTC Modified: 2008-10-27 11:50 UTC
From: stefan at konink dot de Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 5.2.6 OS: Linux 2.6.27
Private report: No CVE-ID: None
 [2008-10-27 01:17 UTC] stefan at konink dot de
Description:
------------
When a php-cgi issues an shell_exec that outputs code that is expected to be stored in the variable before it. The output is in fact leaked back over the fcgi connection, which will issue a 500.

I'm using the Cherokee webserver.

Reproduce code:
---------------
$debug = shell_exec('/usr/bin/nohup /usr/bin/inkscape -z --file='.$svgfile.' --export-width='.$width.' --export-height='.$height.' --export-png='.$pngfile);


The work around seems to be to add:

.' 2>&1 1>/dev/null'

Expected result:
----------------
Output to be stored in $debug.

Actual result:
--------------
Outputted over the fcgi line:

00000000 2f75 7372 2f62 696e 2f6e 6f68 7570 3a20 /usr/bin/nohup:.
 handler_fcgi.c:83: Parsing error: unknown version


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-27 10:16 UTC] lbarnaud@php.net
Could you please try the following and report what happens ?

<?php
file_put_contents("php://stderr", "php stderr\n");
echo "php stdout\n";
?>
 [2008-10-27 11:33 UTC] stefan at konink dot de
Warning: file_put_contents(php://stderr) [function.file-put-contents]: failed to open stream: Bad file descriptor in /opt/cherokee/var/www/bugs.php on line 2
php stdout 

The author of the webserver has asked me to also file a bug there.
 [2008-10-27 11:50 UTC] jani@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Please read the manual about CGI (and FastCGI) ini options. There is no bug here.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 23:01:26 2024 UTC