Confirmed, it also happens to me on Linux, PHP version:
PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21
2009 19:52:39)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
And adding a single character to the echoed string makes it work fine,
seems like a bug to me.
Regards,
Jonathan
On Mon, Oct 12, 2009 at 1:10 PM, Soner Tari <so...@comixwall.org> wrote:
> When shell command returns a specially crafted string, I get an empty
> array as $output of exec(), instead of the string. I can very easily
> reproduce this issue as follows:
>
> Put the following lines in bug.php:
>
> <?php
> exec('php echostr.php', $output);
> print_r($output);
> echo "\n";
> ?>
>
> Then put the following in echostr.php (the string is just one line
> actually, new lines may be inserted by this mail agent, I provide a link
> below):
>
> <?php
> echo 'a:25:{i:0;a:4:{s:4:"Date";s:6:"Aug
> 7";s:4:"Time";s:8:"16:00:01";s:7:"Process";s:16:"newsyslog[23117]";s:3:"Log";s:19:"logfile
> turned over";}i:1;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:76:"OpenVPN
> 2.1_rc18 x86_64-unknown-openbsd4.5 [SSL] [LZO1] built on Jun 26
> 2009";}i:2;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:102:"NOTE:
> OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
> scripts or executables";}i:3;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:27:"LZO
> compression initialized";}i:4;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:63:"Control
> Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
> ]";}i:5;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:70:"Data
> Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
> ]";}i:6;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:39:"Local
> Options hash (VER=V4): \'41690919\'";}i:7;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:49:"Expected
> Remote Options hash (VER=V4): \'530fdded\'";}i:8;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:48:"Socket
> Buffers: R=[41600->65536] S=[9216->65536]";}i:9;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:25:"UDPv4
> link local: [undef]";}i:10;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:38:"UDPv4
> link remote: 81.215.105.114:1194";}i:11;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:98:"TLS
> Error: TLS key negotiation failed to occur within 60 seconds (check your
> network connectivity)";}i:12;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:31:"TLS
> Error: TLS handshake failed";}i:13;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:23:"TCP/UDP:
> Closing socket";}i:14;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:52:"SIGUSR1[soft,tls-error]
> received, process restarting";}i:15;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:26:"Restart
> pause, 2 second(s)";}i:16;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:102:"NOTE:
> OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
> scripts or executables";}i:17;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:24:"Re-using
> SSL/TLS context";}i:18;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:27:"LZO
> compression initialized";}i:19;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:63:"Control
> Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
> ]";}i:20;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:70:"Data
> Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
> ]";}i:21;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:39:"Local
> Options hash (VER=V4): \'41690919\'";}i:22;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:49:"Expected
> Remote Options hash (VER=V4): \'530fdded\'";}i:23;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:48:"Socket
> Buffers: R=[41600->65536] S=[9216->65536]";}i:24;a:4:{s:4:"Date";s:6:"Aug
> 10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:25:"UDPv4
> link local: [undef]";}}';
> ?>
>
> When you execute bug.php, you will get an empty array printed out:
>
> Array
> (
> )
>
> But actually, $output should have contained the string above as element
> 0 of the array.
>
> If you delete or add a character in the string, exec() runs
> correctly and you get the intended result. So the issue is specific to
> this special string. You can download echostr.php contents at this link:
> http://comixwall.org/dmdocuments/echostr
>
> The problem is not with the size of the string, because much longer
> strings are fine.
>
> Also this issue does *not* exists with passthru(), shell_exec()
> functions and backtick operator. Furthermore, exec() return value, i.e.
> the last line of shell command output seems fine too (it contains the
> string correctly). So I believe the issue is internal to exec(),
> effecting $output contents only.
>
> As you can guess, this string is in fact serialized openvpn startup log
> lines (I just escaped the single quotes for testing purposes, that's
> all), it is not some manually crafted string. Therefore, the chances are
> quite high that I will get more than one similar situation in the
> future, specifically every time the openvpn logs are rotated, and I
> start openvpn.
>
> I have confirmed this issue on OpenBSD, Linux, and Windows. Here are the
> versions:
>
> OpenBSD:
> PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Mar 1 2009
> 10:26:06)
> Copyright (c) 1997-2008 The PHP Group
> Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
> with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
>
> Linux:
> PHP 5.2.6-3ubuntu4.2 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21
> 2009 21:43:13)
> Copyright (c) 1997-2008 The PHP Group
> Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
>
> Windows:
> PHP 5.2.11 (cli) (built: Sep 16 2009 19:39:46)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
>
> Since Windows version is without Suhosin patch, suhosin as culprit is
> ruled out. (Also to test on Windows, I changed the exec shell command as
> 'php.exe echostr.php' of course.)
>
> I would appreciate if somebody could also confirm my observations, so
> that I can file a bug report (please use the link above to download
> echostr.php contents to be sure we are testing the same string). Or
> else, if you have an explanation, I'd like to hear about it.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
