From: [EMAIL PROTECTED]
Operating system: all
PHP version: 4.0 Latest CVS (04/04/2001)
PHP Bug Type: Unknown/Other Function
Bug description: potential buffer overflow in extensions based on skeleton...
When I was looking through the CVS version of PHP, I discovered the following piece of
code in skeleton.c
---snip---
PHP_FUNCTION(confirm_extname_compiled)
{
zval **arg;
int len;
char string[256];
...
...
...
len = sprintf(string, "Congratulations, you have successfully modified ....
t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg));
---snap---
Of course the sprintf could be used to perform a standard buffer overflow. It would be
better to change it to ... %.50s ... or similar, so as not to create a potential
vulnerability.
As far as I can see, the ircg and cybermut sources still have the compile confirmation in
them...
ciao,
Stefan Esser
--
Edit Bug report at: http://bugs.php.net/?id=10167&edit=1
--
PHP Development Mailing List <http://www.php.net/>
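Added example, not part of the original report or the PHP source: the `%.50s` precision suggested in the report, with its worst-case length measured against the 256-byte buffer, next to a size-bounded `snprintf` alternative that reports truncation. The message text is a constructed stand-in for the elided skeleton.c string, plain C strings stand in for `Z_STRVAL_PP(arg)`, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256 /* same size as `char string[256]` in the report */
/* Constructed stand-in for the skeleton.c message; the real text is elided
 * on the page, so this shortened wording is an assumption. */
#define FMT_BOUNDED "Congratulations, module %.50s is compiled into PHP"
#define FMT_PLAIN   "Congratulations, module %s is compiled into PHP"

/* The report's suggestion: a precision on %s caps how many bytes of the
 * argument are copied, so the output length has a fixed upper bound. */
int confirm_precision(char *out, const char *module)
{
    return sprintf(out, FMT_BOUNDED, module);
}

/* Worst-case length of FMT_BOUNDED, measured rather than guessed:
 * snprintf(NULL, 0, ...) returns the length it would have written. */
int worst_case_len(void)
{
    char longest[1024];
    memset(longest, 'A', sizeof longest - 1);
    longest[sizeof longest - 1] = '\0';
    return snprintf(NULL, 0, FMT_BOUNDED, longest);
}

/* Alternative (not from the report): bound by destination size instead.
 * Returns 0 on success, 1 if the output was truncated, -1 on error. */
int confirm_snprintf(char *out, size_t cap, const char *module)
{
    int n = snprintf(out, cap, FMT_PLAIN, module);
    if (n < 0)
        return -1;
    return (size_t)n >= cap ? 1 : 0;
}

int main(void)
{
    char buf[BUF_SIZE], hostile[1024]; /* hostile: constructed oversized name */
    memset(hostile, 'A', sizeof hostile - 1);
    hostile[sizeof hostile - 1] = '\0';
    printf("worst case with %%.50s: %d bytes + NUL (buffer is %d)\n", worst_case_len(), BUF_SIZE);
    printf("precision variant wrote %d bytes\n", confirm_precision(buf, hostile));
    printf("snprintf variant truncated: %d\n", confirm_snprintf(buf, sizeof buf, hostile));
    return 0;
}
```

The precision approach is only safe while the fixed text plus the precision stays below the buffer size, so the measured worst case has to be rechecked whenever the message wording changes; the `snprintf` variant holds regardless of the wording.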