|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2011-09-15 03:16 UTC] thinhhq at vng dot com dot vn
[2011-09-15 05:07 UTC] rasmus@php.net
-Status: Open
+Status: Bogus
[2011-09-15 05:07 UTC] rasmus@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat May 04 11:01:32 2024 UTC |
Description: ------------ Buffer overflow flaw found in /php-5.3.8/ext/ereg/regex/split.c Test script: --------------- from line 150 to line 170 ---snip snip --- int main(argc, argv) int argc; char *argv[]; { char buf[512]; register int n; # define MNF 10 char *fields[MNF]; if (argc > 4) for (n = atoi(argv[3]); n > 0; n--) { (void) strcpy(buf, argv[1]); //<--buffer overflow occurs if lenght(argv[1])>512 bytes } else if (argc > 3) for (n = atoi(argv[3]); n > 0; n--) { (void) strcpy(buf, argv[1]);//<--buffer overflow occurs if lenght(argv[1])>512 bytes (void) split(buf, fields, MNF, argv[2]); } else if (argc > 2) dosplit(argv[1], argv[2]); ---snip snip ---