Bug 182719 - ImageCreateFromGif does not clean up its temporary file
ImageCreateFromGif does not clean up its temporary file
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: php (Show other bugs)
4.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Joe Orton
David Lawrence
http://cvs.php.net/viewcvs.cgi/php-sr...
:
: 169771 189165 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-24 04:36 EST by Sander Steffann
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHSA-2006-0276
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-25 10:28:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
PHP Bug Tracker 30658 None None None Never

  None (edit)
Description Sander Steffann 2006-02-24 04:36:34 EST
Description of problem:


Version-Release number of selected component (if applicable):
 PHP 4.3.9

How reproducible:
 Use the function ImageCreateFromGif

Steps to Reproduce:
1. Create a PHP script that uses the function ImageCreateFromGif
  
Actual results:
 The tempfile created by ImageCreateFromGif still exists

Expected results:
 No tempfiles should remain

Additional info:
 This causes a full /tmp partition on webservers that use the
 ImageCreateFromGif function. This leads to server problems and can be used
 as a DoS attack on the webserver by a local user. This is especially important
 for webhosting providers like us, where there are many 'external' users who
 can upload PHP scripts.

 The bug has been fixed by the PHP developers on 2004/11/02, so I am very
 disappointed that Red Hat has nog included this (imho important) fix yet.
 The diff in on the supplied URL.
Comment 3 Red Hat Bugzilla 2006-04-25 10:28:33 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0276.html
Comment 4 Joe Orton 2006-12-12 08:18:05 EST
*** Bug 169771 has been marked as a duplicate of this bug. ***
Comment 5 Joe Orton 2006-12-14 10:41:46 EST
*** Bug 189165 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.