php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75077 syslog messages need to be checked for conformance with RFC-3164 and RFC-5424
Submitted: 2017-08-15 20:47 UTC Modified: 2017-08-19 04:35 UTC
From: philipp at redfish-solutions dot com Assigned:
Status: Open Package: Unknown/Other Function
PHP Version: 7.1.8 OS: linux 4.9.40
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-08-15 20:47 UTC] philipp at redfish-solutions dot com
Description:
------------
This issue came up in the discussions for bz #74860.

Basically, the only type of message explicitly and unequivocally allowed by the Syslog RFC's is NVT ASCII (i.e. hex characters 0x20-0x7E).

UTF-8 maybe used in compressed (shortest form) but it must be prefixed with a BOM (0xEF,0xBB,0xBF).

Also, see the discussion for PR #2674.



Test script:
---------------
<?php

ini_set("error_log", "syslog");

error_log("h\364pital stra\337e", 0);

error_log("this string \321\032\003", 0);

?>


Expected result:
----------------
It's not obvious what the correct behavior is in legacy cases which violate the RFC's.



Actual result:
--------------
Aug 15 14:43:07 ubuntu16 php7.0: h?pital stra?e
Aug 15 14:43:07 ubuntu16 php7.0: this string ?#032#003


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-08-16 19:16 UTC] philipp at redfish-solutions dot com
The more I think about this, the less I think it should be a security bug since there's nothing specific to PHP that makes it the vulnerability.  Can we please change this to "BUG" instead?
 [2017-08-19 04:35 UTC] stas@php.net
-Type: Security +Type: Bug -Package: Output Control +Package: Unknown/Other Function
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC