|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2016-05-04 10:10 UTC] alessandro dot lai85 at gmail dot com
Description: ------------ I've discovered a bug in the ssh2_exec function, due to using an OO wrapping library (https://github.com/Herzult/php-ssh). The library has obviously default values for parameters that are passed to the SSH2 functions, so it passes an empty array to the $env parameter when nothing is passed by the user. I've been able to reproduce the bug with 3 lines of code, attached here in the test script. Uncovered using: - PHP 7.0.6 - ssh2 extension installed using master blob from Gitlab (https://github.com/php/pecl-networking-ssh2), using latest commit (aa1739a, Mar 25th) - php:7.0.6-fpm official DockerHub derived dockerfile Test script: --------------- <?php $connection = ssh2_connect('somehost.example.com', 22); ssh2_auth_password($connection, 'user', 'password'); ssh2_exec($connection, 'pwd', null, []); Expected result: ---------------- Normal execution, exit code 0 Actual result: -------------- Segmentation fault Patchesssh2-env.patch (last revision 2016-05-06 16:17 UTC by krakjoe@php.net)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Nov 04 13:00:02 2025 UTC |
UPDATE: the segfault happens even with non-empty arrays! This piece of code segfaults too: Test script (2): --------------- <?php $connection = ssh2_connect('somehost.example.com', 22); ssh2_auth_password($connection, 'user', 'password'); ssh2_exec($connection, 'pwd', null, ['test' => true]);