php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71625 Crash in php7.dll
Submitted: 2016-02-18 13:58 UTC Modified: 2016-02-18 14:03 UTC
From: pavtov90 at gmail dot com Assigned:
Status: Closed Package: PHAR related
PHP Version: 7.0.3 OS: Windows 7 64bit
Private report: No CVE-ID:
 [2016-02-18 13:58 UTC] pavtov90 at gmail dot com
Description:
------------
When you call this code will immediately crash the server itself .

Test script:
---------------
<?php
$phar = new Phar("A:A:.phar");
$phar[hello_habr.txt] = '<? Hello Habr!?>';
?>

or web

<?php
phpinfo();
$phar = new Phar($_GET[a].".phar");
$phar[hello_habr.txt] = '<? Hello Habr!?>';
?>

http://localhost/1.php?a=A:A:


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-18 14:00 UTC] pavtov90 at gmail dot com
testing live version PHP Version. : 5.3.13 , 7.0.0, 7.0.3

Actual result: crash in php7.dll
 [2016-02-18 14:03 UTC] pavtov90 at gmail dot com
-Summary: 1 +Summary: Crash in php7.dll
 [2016-02-18 14:03 UTC] pavtov90 at gmail dot com
1
 [2016-02-18 18:34 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0445abd547f4d7c4c694e2458d0581033e37398b
Log: Fixed bug #71625 Crash in php7.dll with bad phar filename
 [2016-02-18 18:34 UTC] ab@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Wed Jun 28 12:01:42 2017 UTC