Bug #67231 geoip_record_by_name and geoip_region_by_name may segfault with libGeoIP 1.5.0+
Submitted: 2014-05-08 03:41 UTC Modified: 2014-11-20 20:58 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: anthon at piwik dot org Assigned:
Status: Duplicate Package: geoip (PECL)
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2014-05-08 03:41 UTC] anthon at piwik dot org
Description:
------------
In libGeoIP 1.5.0, the GeoIP_open_type() function checks that the database type matches.

https://github.com/maxmind/geoip-api-c/commit/ae949673a7f3c96cf754880ef4e61ec312b3fb71

As a result, the function can now return NULL.

Since GEOIP_CITY_EDITION_REV0 and GEOIP_CITY_EDITION_REV1 both use the same filenames (similarly for the region database types), GeoIP_db_avail() may be lying (as it only checks to see if the file exists; it doesn't open the database to see if the type matches).


Test script:
---------------
Installing a rev 0 city database, and then calling geoip_record_by_name(''); will cause a Segmentation fault.
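
The failure mode in the report above, reduced to a self-contained C model (an added example, not code from libGeoIP or the PECL geoip extension): an availability check that only tests for the file, an open that returns NULL on an edition mismatch, and a caller with and without the NULL check. All names here (`db_avail`, `db_open_type`, `lookup_guarded`, `DB_PATH`, the one-byte file format) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not libGeoIP: one byte on disk records the edition. */
enum { DB_CITY_REV0 = 0x30, DB_CITY_REV1 = 0x31 };
#define DB_PATH "model_city.dat"   /* both revisions share this filename */
typedef struct { int type; } db_t;

int install_db(int type) {          /* writes the constructed sample database */
    FILE *f = fopen(DB_PATH, "wb");
    if (!f) return -1;
    fputc(type, f);
    return fclose(f);
}
/* Like the availability check in the report: only tests that the file exists. */
int db_avail(int type) {
    (void)type;                     /* the requested edition is never compared */
    FILE *f = fopen(DB_PATH, "rb");
    if (!f) return 0;
    fclose(f);
    return 1;
}
/* Like the 1.5.0+ open: returns NULL when the stored type does not match. */
db_t *db_open_type(int type) {
    FILE *f = fopen(DB_PATH, "rb");
    if (!f) return NULL;
    int stored = fgetc(f);
    fclose(f);
    if (stored != type) return NULL;
    db_t *db = malloc(sizeof *db);
    if (db) db->type = stored;
    return db;
}

/* Crashing pattern: trusts db_avail() and dereferences the handle unchecked. */
int lookup_unguarded(int type) {
    if (!db_avail(type)) return -1;
    db_t *db = db_open_type(type);
    int t = db->type;               /* NULL dereference on a type mismatch */
    free(db);
    return t;
}

/* Guarded pattern: the open result, not the availability check, decides. */
int lookup_guarded(int type) {
    db_t *db = db_open_type(type);
    if (db == NULL) return -2;      /* missing file or wrong edition */
    int t = db->type;
    free(db);
    return t;
}
```

With a rev 0 file installed, `db_avail(DB_CITY_REV1)` still reports success while `db_open_type(DB_CITY_REV1)` returns NULL, which is the gap `lookup_unguarded` falls into.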



Patches

geoip.patch (last revision 2014-05-08 03:46 UTC by anthon at piwik dot org)

Pull Requests

History

 [2014-11-20 20:58 UTC] ohill@php.net
-Status: Open +Status: Duplicate
 [2014-11-20 20:58 UTC] ohill@php.net
Dups #68277
 
Last updated: Tue Dec 03 08:01:28 2024 UTC