php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8921 Require() function : filename string not terminated correctly internally
Submitted: 2001-01-25 19:18 UTC Modified: 2001-03-16 17:40 UTC
From: mahony at cwa dot co dot nz Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0.4pl1 OS: Linux Debian Potato 2.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mahony at cwa dot co dot nz
New email:
PHP Version: OS:

 

 [2001-01-25 19:18 UTC] mahony at cwa dot co dot nz
Hi,

I've found what appears to be a reproducable bug with random effects.

When I pass a seemingly perfect filename string to the Require() function it comes back (2 times out of 3) with extra characters at the end, causing the require function to fail to find the file. The characters are illustrated below, and many seem to be non-alphabetic. It looks like a C string buffer overflow problem (ie: the length of the string has been enlarged by a random amount between about 2 and 5 characters, and it's picking up additional characters directly out of memory).

This is the code that is executing :

if("" == $inc_filename) {
  print("You have to enter a filename first !");
}
else  // NON-Blank include filename
{
  print("Filename = ".$inc_filename);   // <<<<< Note : here the filename displays fine

  require( $inc_filename );   // <<<<< Note : here it is corrupted
}


These are the output lines I got  (note the crap at the end of the filename in the error message) :

 Filename = inc/britz/britzspg.inc
Fatal error: Failed opening required 'inc/britz/britzspg.inc???'  
(include_path='.:/usr/local/lib/php') in
/home/ekiwi/public_html/layout.php on line 199


  Filename = inc/britz/britzspg.inc
 Fatal error: Failed opening required 'inc/britz/britzspg.inc)y'
 (include_path='.:/usr/local/lib/php') in
/home/ekiwi/public_html/layout.php
 on line 199

 THEN IT WAS OK TWICE, followed by

 Filename = inc/britz/britzspg.inc
Fatal error: Failed opening required 'inc/britz/britzspg.inc'A'
 (include_path='.:/usr/local/lib/php') in
/home/ekiwi/public_html/layout.php
 on line 199

 Filename = inc/britz/britzspg.inc
Fatal error: Failed opening required 'inc/britz/britzspg.inc)?'
 (include_path='.:/usr/local/lib/php') in
/home/ekiwi/public_html/layout.php
 on line 199

To see this in action see : 
http://chips.cwa.co.nz:8080/display.php?FEATURE_ID=13

Be aware that it works perfectly about a third of the time, so keep pressing the refresh button on your browser until it throws the error. 


We're running Linux kernal 2.2.18

Our PHP config details are available at :
http://chips.cwa.co.nz/~ian/php.status.php



Hope this helps,

Simon Mahony,
Technical Director,
CWA New Media,
New Zealand.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-02-06 20:55 UTC] mahony at cwa dot co dot nz
Work-around.
-----------
I've since found that the problem only manifests itself when variables are used as parameters to Require().
eg: 
$filename = "test.html";
require($filename);

If a string constant is used as a parameter the function performs correctly.
eg:
require("test.html");

Consequently I was able to solve my problem by using PHPs "evaluate variable within string" trick -
eg: 
$filename = "test.html";
require("$filename");

 [2001-03-16 17:40 UTC] sniper@php.net
Can't reproduce with latest CVS. Try the latest CVS snapshot
from http://snaps.php.net/ and reopen if problem persists.

--Jani

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Oct 23 21:01:33 2019 UTC