php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #76066 Information leaked?
Submitted: 2018-03-08 06:13 UTC Modified: 2018-03-10 14:52 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 7.2.3 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: zhihua dot yao at dbappsecurity dot com dot cn
New email:
PHP Version: OS:

 

 [2018-03-08 06:13 UTC] zhihua dot yao at dbappsecurity dot com dot cn 
Description:
------------
Hello,PHP Security Team,
Because I am not familiar with the ssl protocol.I don't know if the leaked information is normal return information.At the same time,I also do not know whether it is a security bug or not a bug.

Test script:
---------------
first step:
 nc -lvv 8080
Listening on [0.0.0.0] (family 0, port 8080)




second step:
./php-7.2.3/sapi/cli/php -r 'file_get_contents("https://127.0.0.1:8080"); '

Then,it will leak information.file_get_contents function could be placed other functions.


Actual result:
--------------
Listening on [0.0.0.0] (family 0, port 8080)
Connection from [127.0.0.1] port 8080 [tcp/http-alt] accepted (family 2, sport 53810)

er�o�����!X�|L�
R%����r�fb�/�+�0�,�����'�#��	�(�$�
g3@k89��2�1�-�)�%�</j�2�.�*�&�=5���EDA�
                                          	127.0.0.1
                                                         
2

 	
 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-03-09 21:10 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2018-03-09 21:10 UTC] stas@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Don't see any information leak in the code described.
 [2018-03-09 22:48 UTC] pollita@php.net 
This is literally how an SSL/TLS handshake is supposed to work.

The client sends a "Hello" packet advertising things like what ciphers it supports and (optionally, but in this case yes) an SNI (Server Name Indicator) to tell the remote end what hostname it's connecting to.  This is used for https to support virtualhost (multiple hostnames served by the same web server).

Not a leak, not a bug. Absolutely working as intended.
 [2018-03-10 14:52 UTC] cmb@php.net
-Type: Security +Type: Bug
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 13:01:30 2024 UTC