#25997 [NEW]: Embedded null characters in strings breaks documented behavior of functions.

Sun, 26 Oct 2003 21:05:29 -0800 

From:             xodfull at starmen dot net
Operating system: Linux, Apache.
PHP version:      4.3.3
PHP Bug Type:     *General Issues
Bug description:  Embedded null characters in strings breaks documented behavior of 
functions.

Description:
------------
ip2long() is supposed to return -1 on an invalid ip address.  Because of
PHP's method of storing strings, and a careless calling of standard C
library functions that use null-terminated strings, it will not return -1
on invalid ip addresses that contain embedded null characters in
appropriate places.

" The function ip2long() generates an IPv4 Internet network address from
its Internet standard format (dotted string) representation. If ip_address
is invalid than -1 is returned. Note that -1  does not evaluate as FALSE
in PHP."

Reproduce code:
---------------
if(ip2long($_GET[ip]) != -1)
 echo($_GET[ip]);

http://something.net/somescript.php?ip=127.0.0.1%00<b>foo</b>

Expected result:
----------------
Arbitrary HTML insertion.  Worse effects may be possible depending on the
application.


-- 
Edit bug report at http://bugs.php.net/?id=25997&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=25997&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=25997&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=25997&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=25997&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=25997&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=25997&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=25997&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=25997&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=25997&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=25997&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=25997&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25997&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=25997&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=25997&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=25997&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=25997&r=float

Reply via email to