Re: [PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault whengiven invalid session ID

Mon, 23 Apr 2001 08:05:06 -0700 

I'm more or less of the same mindset here: my big problem obviously is that
we are allowing the PHP binary to segfault and this is BAD.

I will try calling RedHat today and see if I can't convince them to fix this
at their level.

We should come up with some kind of course of action to prevent PHP From
coring however.

-Brendan
----- Original Message -----
From: "Sterling Hughes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, April 22, 2001 10:52
Subject: Re: [PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault
whengiven invalid session ID


On 23 Apr 2001 [EMAIL PROTECTED] wrote:

> ID: 10447
> Updated by: bmcadams
> Reported By: [EMAIL PROTECTED]
> Old-Status: Analyzed
> Status: Assigned
> Bug Type: CCVS related
> PHP Version: 4.0 Latest CVS (22/04/2001)
> Assigned To: [EMAIL PROTECTED]
> Comments:
>
> The fix that sterling put in place will at the least check if the session
being passed is a string value: this still doesn't protect from someone
arbitrarily passing any old string (for example "crash_ccvs").
>
Actually, more accurately, it will check to see if it has a value at all.

> While obviously it is up to the programmer to be smart and not pass a bad
session to CCVS, CCVS Should not be segfaulting if they pass a bad value.
>
> I am looking into a way to trap this value from being bad.
>

I would personally mark anything further up as a bug in CCVS, not PHP.
And perhaps file a bug with the CCVS folk...  The other option (storing
the allocated sessions and checking to see if the passed session is in
that list), seems like a lot of overhead that isn't the responsibility of
the extension...

-Sterling



--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to