Red Hat Bugzilla – Bug 820101
CVE-2006-7243 in PHP 5.1.6
Last modified: 2012-05-09 05:29:22 EDT
Description of problem:
file_exists() silently truncates anything after a null byte in a string. This produces unexpected results in some circumstances and possibly would result in security problems for limited amounts of poorly written code.
include_once() for instance, provides the following:
"ALERT - Include filename truncated by a \0 after '/etc/passwd' (attacker 'REMOTE_ADDR not set', file '/home/djc/test.php', line 13)"
This seems like a sane way to handle it if truncating has to be done... though frankly since truncation will *always* produce the wrong result it might be nice to throw an error and stop processing.
MUST be show PASS, but script return FAIL.
*** This bug has been marked as a duplicate of bug 662707 ***
See also statement at: