php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #61910
Patch php-cgi-disable-argv revision 2012-05-06 00:14 UTC by neweracracker at gmail dot com
Patch CVE-2012-1823.patch revision 2012-05-05 20:59 UTC by tyukish at parallels dot com
Patch cgi.diff-fix-check.patch revision 2012-05-04 01:08 UTC by erik at pizzadoos dot com
Patch cgi.diff revision 2012-05-02 18:45 UTC by rasmus@php.net

Patch php-cgi-disable-argv for CGI/CLI related Bug #61910

Patch version 2012-05-06 00:14 UTC

Return to Bug #61910 | Download this patch
Patch Revisions:

Developer: neweracracker@gmail.com


Disable argument parsing when invoked as CGI (and NOT when invoked as
FastCGI.)  This to prevent programs from passing arguments to php-cgi
via the query string as specified by RFC 3875. [1]

This patch may break CGI scripts that depend on arguments passed via
shebang arguments, eg. '#!/usr/bin/php-cgi -dmagic_quotes_gpc=Off',
but this is inherently unsafe, since these arguments may have come from
the network.

Backward compatibility could theoretically be faked by parsing the
shebang arguments from the file itself, but this leads to a circular
dependency since the script filename depends on the configuration which
may be changed in the shebang line of the file (due to cgi.fix-pathinfo.)

[1] http://www.ietf.org/rfc/rfc3875

Index: sapi/cgi/cgi_main.c
===================================================================
--- sapi/cgi/cgi_main.c	(revision 322984)
+++ sapi/cgi/cgi_main.c	(working copy)
@@ -1552,7 +1552,7 @@
 		}
 	}
 
-	while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
+	if (!cgi) while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
 		switch (c) {
 			case 'c':
 				if (cgi_sapi_module.php_ini_path_override) {
@@ -1801,7 +1801,7 @@
 	}
 
 	zend_first_try {
-		while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
+		if (!cgi) while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
 			switch (c) {
 				case 'T':
 					benchmark = 1;
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 01:01:56 2014 UTC