Bug 60523 - PHP 4.0.6 patch fails to address problem properly.
PHP 4.0.6 patch fails to address problem properly.
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: php (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
http://bugs.php.net/bug.php?id=15772
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-02-28 18:11 EST by Adrian Chung
Modified: 2007-04-18 12:40 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-18 10:18:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
4.0.6 memchr logic fix. (1.33 KB, patch)
2002-03-01 10:19 EST, Adrian Chung
no flags Details | Diff

  None (edit)
Description Adrian Chung 2002-02-28 18:11:12 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020205

Description of problem:
The patch released by the PHP team earlier does not properly address the problem.

loc = (char *) memchr(ptr, '\n', rem)+1
if (!loc) {}

won't ever execute the if() block.

The code should simply do the first line without the increment, check the value
of loc, and then do an increment in an else {} block.

Contributed patch attached.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Look at the code. :)

Actual Results:  It looks bad.

Expected Results:  It should have been fixed properly.

Additional info:

Rasmus at PHP has been contacted, but claims that this fix addresses a rare
segfault condition, whereas the original patch fixes the security hole.

He says that there are so many other potential segfaults in the code that they
don't see a need to fix anything but "urgent security" problems.

:)
Comment 1 Chris Ricker 2002-03-01 10:00:24 EST
Unless I'm missing something, there's no patch attached ;-)
Comment 2 Adrian Chung 2002-03-01 10:19:56 EST
Created attachment 47102 [details]
4.0.6 memchr logic fix.
Comment 3 Adrian Chung 2002-03-01 10:20:31 EST
Uh, duh...  My mistake.

It's attached now. :)
Comment 4 Adrian Chung 2002-03-08 10:00:21 EST
The attached patch is courtesy of Charlie Brady <charlieb@e-smith.com>.
Comment 5 Joe Orton 2002-12-18 10:18:05 EST
This was in fact fixed in the php-4.1.2-7.2.4 erratum.

Note You need to log in before you can comment on or make changes to this bug.