Re: PHP fopen() CRLF Injection

Hi,

> This issue has now been fixed in their CVS repository. This is the
> patch that they used:

I dislike calling my patch a fix. The problem you describe is not a
bug within PHP. One could call it an undocumented feature, that is
now gone with my patch. You cannot blame a programmer's error on the
language itself. Your fopen() thing does only occur if the programmer
does TWO stupid things: A) pass user input directly to a function
without proper validation, B) pass a URL to a function that is not
a URL. Any string that contains control chars cannot be a valid URL.
Before you pass a string that should be a URL to any function you
MUST urlencode() it. No need for your reg expression at all.
Following your idea I could blame the libc authors for implementing
strcpy() because, misused, it leads to buffer overflows.

Just because PHP is easy (to learn) you cannot leave your
brain at home when programming for your company. 

Stefan Esser 
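
The two checks named in the message above (validate user input, and urlencode() anything that goes into a URL), as an added example that is not part of the original post or of the PHP patch. The function names and the example.com URL are hypothetical, and the input is constructed.

```php
<?php
// Added example: hypothetical helpers, not code from PHP or from this thread.

/** Reject a string holding ASCII control characters (0x00-0x1F, 0x7F) or a space. */
function assert_no_control_chars(string $url): void
{
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        throw new InvalidArgumentException('control character or space in URL');
    }
}

/**
 * Build a URL for fopen() from a fixed base and untrusted query values.
 * Every name and value goes through urlencode(), so CR and LF arrive as
 * %0D and %0A in the query string, never as raw bytes in the request.
 */
function build_fetch_url(string $base, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = urlencode((string)$name) . '=' . urlencode((string)$value);
    }
    $url = $base . ($pairs ? '?' . implode('&', $pairs) : '');
    assert_no_control_chars($url);   // second line of defence on the final string
    return $url;
}

// Constructed sample input: a value carrying CR LF followed by a header-like line.
$untrusted = "news\r\nX-Injected: 1";

// Case 1: user input used as a query value is encoded before it reaches fopen().
$url = build_fetch_url('http://example.com/feed.php', ['topic' => $untrusted]);
echo "encoded:  ", $url, "\n";
// $fp = fopen($url, 'r');   // left commented out so the example runs offline

// Case 2: a string concatenated without encoding is not a valid URL and is refused.
try {
    assert_no_control_chars('http://example.com/feed.php?topic=' . $untrusted);
    echo "accepted\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```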



