php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #55645 buffer overflow in Split.c (test case only?)
Submitted: 2011-09-08 17:08 UTC Modified: 2011-09-15 05:07 UTC
From: thinhhq at vng dot com dot vn Assigned:
Status: Not a bug Package: Regexps related
PHP Version: 5.3.8 OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
16 - 15 = ?
Subscribe to this entry?

 
 [2011-09-08 17:08 UTC] thinhhq at vng dot com dot vn
Description:
------------
Buffer overflow flaw found in /php-5.3.8/ext/ereg/regex/split.c

Test script:
---------------
from line 150 to line 170 
---snip snip ---

int
main(argc, argv)
int argc;
char *argv[];
{
	char buf[512];
	register int n;
#	define	MNF	10
	char *fields[MNF];

	if (argc > 4)
		for (n = atoi(argv[3]); n > 0; n--) {
			(void) strcpy(buf, argv[1]); //<--buffer overflow occurs if lenght(argv[1])>512 bytes
		}
	else if (argc > 3)
		for (n = atoi(argv[3]); n > 0; n--) {
			(void) strcpy(buf, argv[1]);//<--buffer overflow occurs if lenght(argv[1])>512 bytes
			(void) split(buf, fields, MNF, argv[2]);
		}
	else if (argc > 2)
		dosplit(argv[1], argv[2]);
---snip snip ---



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-15 03:16 UTC] thinhhq at vng dot com dot vn
nothing response so far?
 [2011-09-15 05:07 UTC] rasmus@php.net
-Status: Open +Status: Bogus
 [2011-09-15 05:07 UTC] rasmus@php.net
As per the README in that directory, split.c is a standalone regression test for 
the regex library. It is not compiled into PHP and we don't even use those tests 
since we have our own separate regression testing mechanism.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Mar 03 23:01:32 2024 UTC