Bug #61043 [Com]: Regression in magic_quotes_gpc fix (CVE-2012-0831)

Fri, 10 Feb 2012 05:42:17 -0800 

Edit report at https://bugs.php.net/bug.php?id=61043&edit=1

 ID:                 61043
 Comment by:         ond...@php.net
 Reported by:        ond...@php.net
 Summary:            Regression in magic_quotes_gpc fix (CVE-2012-0831)
 Status:             Open
 Type:               Bug
 Package:            Variables related
 PHP Version:        5.3SVN-2012-02-10 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

I can confirm that the attached patch fixes the reported problem:

root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = On
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# emacs php.ini 
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = Off
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(0) ""


Previous Comments:
------------------------------------------------------------------------
[2012-02-10 12:44:17] ond...@php.net

The following patch has been added/updated:

Patch Name: magic_quotes_gpc-regression
Revision:   1328877857
URL:        
https://bugs.php.net/patch-display.php?bug=61043&patch=magic_quotes_gpc-regression&revision=1328877857

------------------------------------------------------------------------
[2012-02-10 12:43:45] ond...@php.net

Description:
------------
Description available here:

https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115


Basically the attached patch does replace the second location of 
PG(magic_quotes_gpc) with the zend_alter_ini_entry_ex:


-       PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", 
sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 
TSRMLS_CC);
+       }

I could be wrong, since my knowledge of PHP internals is lim(knowledge) = 0, 
but 
this seems to follow the logic of first change.



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61043&edit=1

Reply via email to