From: evgeny at 100mb dot ru Operating system: FreeBSD 4.7 PHP version: 4.3.4 PHP Bug Type: DBM/DBA related Bug description: dba_open read arbitrary files
Description: ------------ dba_open() creates *.db file with fragments of system files or source php scripts Reproduce code: --------------- <?php $db=dba_open("/var/tmp/test.db","n", "gdbm"); ?> Expected result: ---------------- Create test.db only Actual result: -------------- #cat /var/tmp/test.db ... 127.0.0.1 localhost localhost.my.domain # # Imaginary network. #10.0.0.2 myname.my.domain myname #10.0.0.3 myfriend.my.domain myfriend ... (pert of my /etc/hosts here! :( and part of my /etc/services file below :-() .... hylafax 4559/tcp #HylaFAX client-server protocol rfa 4672/tcp #remote file access server rfa 4672/udp #remote file access server commplex-main 5000/tcp commplex-main 5000/udp ..... -- Edit bug report at http://bugs.php.net/?id=26220&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26220&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26220&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=26220&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=26220&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=26220&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=26220&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=26220&r=support Expected behavior: http://bugs.php.net/fix.php?id=26220&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=26220&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=26220&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=26220&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26220&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=26220&r=dst IIS Stability: http://bugs.php.net/fix.php?id=26220&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=26220&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=26220&r=float