ID: 10167
Updated by: elixer
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: Unknown/Other Function
Assigned To:
Comments:

Updated in CVS. Thank you for your report.

Sean

Previous Comments:
---------------------------------------------------------------------------

[2001-04-04 14:15:42] [EMAIL PROTECTED]

When I was looking through the CVS version of PHP, I discovered the following piece of code in skeleton.c

---snip---
PHP_FUNCTION(confirm_extname_compiled)
{
	zval **arg;
	int len;
	char string[256];
...
...
...
	len = sprintf(string, "Congratulations, you have successfully modified .... t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));
---snap---

Of course the sprintf could be used to perform a standard buffer overflow. It should be better changed into ... %.50s ... or similar so as not to create a potential vulnerability.

As far as I can see, the ircg and cybermut sources still have the compile confirmation in them...

ciao,
Stefan Esser

---------------------------------------------------------------------------

ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10167&edit=2

--
PHP Development Mailing List <http://www.php.net/>
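
The overflow condition described in the report and two ways to bound it, as an added example (not part of the original report or of PHP's source). It keeps the 256-byte buffer from the snippet, uses standard C snprintf, and substitutes a constructed, shortened message text because the report elides part of the real one; the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256 /* same size as string[256] in the reported snippet */
/* Constructed stand-in text: the report elides part of the real message. */
#define MSG_PREFIX "Congratulations, module "
#define MSG_SUFFIX " is compiled into PHP"

/* Bytes the unbounded "%s" form needs, including the NUL terminator.
 * snprintf(NULL, 0, ...) only measures the output; nothing is written. */
static size_t unbounded_need(const char *arg)
{
    int n = snprintf(NULL, 0, MSG_PREFIX "%s" MSG_SUFFIX, arg);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Fix proposed in the report: a precision caps the bytes taken from arg,
 * so the worst case is prefix + 50 + suffix + NUL, well under BUF_SIZE. */
static int format_precision(char *out, const char *arg)
{
    return sprintf(out, MSG_PREFIX "%.50s" MSG_SUFFIX, arg);
}

/* Alternative: bound by destination size and report truncation. */
static int format_bounded(char *out, size_t outsz, const char *arg, int *truncated)
{
    int n = snprintf(out, outsz, MSG_PREFIX "%s" MSG_SUFFIX, arg);
    *truncated = (n < 0 || (size_t)n >= outsz);
    return n;
}

int main(void)
{
    char arg[1001], out[BUF_SIZE];
    int truncated;

    memset(arg, 'A', sizeof arg - 1); /* constructed over-long module name */
    arg[sizeof arg - 1] = '\0';

    printf("unbounded sprintf would need %zu bytes, buffer has %d\n",
           unbounded_need(arg), BUF_SIZE);
    printf("%%.50s form wrote %d bytes\n", format_precision(out, arg));
    format_bounded(out, sizeof out, arg, &truncated);
    printf("snprintf form kept %zu bytes, truncated=%d\n", strlen(out), truncated);
    return 0;
}
```

The precision form silently shortens the name, while the snprintf form lets the caller detect truncation and decide whether to reject the input.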