PHP :: Bug #75077 :: syslog messages need to be checked for conformance with RFC-3164 and RFC-5424

Bug #75077	syslog messages need to be checked for conformance with RFC-3164 and RFC-5424
Submitted:	2017-08-15 20:47 UTC	Modified:	2017-08-19 04:35 UTC
From:	philipp at redfish-solutions dot com	Assigned:
Status:	Open	Package:	Unknown/Other Function
PHP Version:	7.1.8	OS:	linux 4.9.40
Private report:	No	CVE-ID:

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	philipp at redfish-solutions dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2017-08-15 20:47 UTC] philipp at redfish-solutions dot com

Description:
------------
This issue came up in the discussions for bz #74860.

Basically, the only type of message explicitly and unequivocally allowed by the Syslog RFC's is NVT ASCII (i.e. hex characters 0x20-0x7E).

UTF-8 maybe used in compressed (shortest form) but it must be prefixed with a BOM (0xEF,0xBB,0xBF).

Also, see the discussion for PR #2674.



Test script:
---------------
<?php

ini_set("error_log", "syslog");

error_log("h\364pital stra\337e", 0);

error_log("this string \321\032\003", 0);

?>


Expected result:
----------------
It's not obvious what the correct behavior is in legacy cases which violate the RFC's.



Actual result:
--------------
Aug 15 14:43:07 ubuntu16 php7.0: h?pital stra?e
Aug 15 14:43:07 ubuntu16 php7.0: this string ?#032#003

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-08-16 19:16 UTC] philipp at redfish-solutions dot com

The more I think about this, the less I think it should be a security bug since there's nothing specific to PHP that makes it the vulnerability.  Can we please change this to "BUG" instead?

[2017-08-19 04:35 UTC] stas@php.net

-Type: Security +Type: Bug -Package: Output Control +Package: Unknown/Other Function

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2017 The PHP Group All rights reserved.	Last updated: Tue Aug 29 15:01:52 2017 UTC