PHP :: Bug #68791 :: Insecure temp file creation

Bug #68791

Insecure temp file creation

Submitted:

2015-01-10 17:17 UTC

Modified:

2020-03-04 11:11 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

bugreports at internot dot info

Assigned:

remi (profile)

Status:

Closed

Package:

Zip Related

PHP Version:

master-Git-2015-01-10 (Git)

OS:

Linux Ubuntu 14.04

Private report:

CVE-ID:

None

View Developer Edit

[2015-01-10 17:17 UTC] bugreports at internot dot info

Description:
------------
Hi,

In /ext/zip/lib/zip_close.c:

613    if ((tfd=mkstemp(temp)) == -1) {

mkstemp is called, but the umask is not securely set first.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-09-05 18:44 UTC] cmb@php.net

-Status: Open +Status: Analyzed

[2016-09-05 18:44 UTC] cmb@php.net

Actually, this is a libzip issue that has been fixed as of libzip
1.0 (at least)[1], and PHP 7 already has at least libzip 1.0.1.

PHP 5.6, however, still ships with libzip 0.11.2, so the fix needs
to be backported. The respective mkstemp() call is in
zip_close.c[2].

[1] <http://hg.nih.at/libzip/rev/d3ac0a768127>
[2] <https://github.com/php/php-src/blob/PHP-5.6.26/ext/zip/lib/zip_close.c#L613>

[2020-03-04 11:11 UTC] remi@php.net

-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: remi

[2020-03-04 11:11 UTC] remi@php.net

Closing as 5.x is now EOL, PHP 7.2/7.3 have libzip 1.1.2, and since 7.4, libzip is no more bundled.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 22:01:28 2024 UTC