ID: 30439 Updated by: [EMAIL PROTECTED] Reported By: dmp-php at dplhenterprises dot com -Status: Open +Status: Feedback Bug Type: FTP related Operating System: Windows 2000 PHP Version: 4.3.9 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Previous Comments: ------------------------------------------------------------------------ [2004-12-17 16:32:01] ajbaas at cs dot uu dot nl For me, this problem was resolved with php 4.3.10. Can someone else confirm? ------------------------------------------------------------------------ [2004-12-12 05:48:46] sirbinam at hotmail dot com I submitted a patch to the internals list in response to bug# 27633, that *may* fix this problem. I found 2 problems, one, *some* servers send a '\r' before every '\n', so if the source file has '\r\n' style line endings the buffer on the client side contains '\r\r\n' and the code didn't handle this. Secondly, I noticed in my testing of the original code that if the data in the buffer ended with a line ending that the pointer would be moved past the end of the data, and write garbage data to the stream, there were a bunch of null characters, and data from other processes. This would only apply to win32 systems doing transfers in ascii mode. ------------------------------------------------------------------------ [2004-12-10 18:21:18] a dot j dot baas at students dot uu dot nl I have tested this also, but on a linux machine, i think working with proftpd. For me, i stumbled uppon this issue when downloading small files with a huge amount of linebrakes. the issue should be rated high, because i get what looks like a dump of the php memory, including some source code of other sites that run on the server. I could easily exploit this to retreive database passwords etc. it also causes the script that does the downloading to crash without outputting anything to the browser. If you need additional testcases(i still have the txt file that causes the crash) please let me know. ------------------------------------------------------------------------ [2004-11-29 12:15:57] mailbox2 at ibelgique dot com Hi, Here is a test script. When fixing this bug, please also look at bug 27633 which may be related. Thanks! David <?php // Test script for PHP bugs 27633 and 30439 $ftpserver = "ftp.belnet.be"; $username = "anonymous"; $password = "[email protected]"; $localfile = dirname(__FILE__) . "/test-ftp-output.txt"; // Chmod 777 if necessary $remotefile = "/mirror/ftp.php.net/index.php"; $ftpmode = FTP_ASCII; // without quotes echo "<html>--- Script start ---<br />\n"; $conn_id = ftp_connect($ftpserver); if ($conn_id == false) { echo "Could not connect to FTP server $ftpserver.<br />\n"; exit(); } $result_login = ftp_login($conn_id, $username, $password); if ($result_login == false) { echo "Could not login to FTP server $ftpserver.<br />\n"; exit(); } $result_get = ftp_get($conn_id, $localfile, $remotefile, $ftpmode); if ($result_get == false) { echo "Could not get the remote file $remotefile to the local file $localfile.<br />\n"; exit(); } ftp_close($conn_id); echo "--- Script end ---<br /></html>\n"; ?> ------------------------------------------------------------------------ [2004-11-27 16:58:50] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try avoid embedding huge scripts into the report. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/30439 -- Edit this bug report at http://bugs.php.net/?id=30439&edit=1
