[16563] in bugtraq
Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure
daemon@ATHENA.MIT.EDU (Zeev Suraski)
Tue Sep 5 02:11:43 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.3.2.7.2.20000905071759.05110ae8@mail.zend.com>
Date: Tue, 5 Sep 2000 07:23:24 +0300
Reply-To: zeev@zend.com
From: Zeev Suraski <zeev@ZEND.COM>
X-To: shaoming <shaoming@signetique.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39B4719C.93BF8984@signetique.com>
True, you need to update another file as well (./main/php_globals.h):
===================================================================
RCS file: /repository/php4/main/php_globals.h,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- php4/main/php_globals.h 2000/07/04 09:15:06 1.53
+++ php4/main/php_globals.h 2000/09/04 19:07:50 1.54
@@ -94,6 +94,8 @@
char *gpc_order;
char *variables_order;
+ HashTable rfc1867_protected_variables;
+
short connection_status;
short ignore_user_abort;
Sorry about that.
Zeev
At 07:07 05/09/2000, shaoming wrote:
>Hi!
>
>try building but compiler coughs out the following error:
>
>rfc1867.c: In function `add_protected_variable':
>rfc1867.c:40: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c: In function `is_protected_variable':
>rfc1867.c:46: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c: In function `php_mime_split':
>rfc1867.c:103: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:142: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:145: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:154: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:183: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:191: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:237: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:281: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:326: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:342: structure has no member named
>`rfc1867_protected_variables'
>rfc1867.c:390: structure has no member named
>`rfc1867_protected_variables'
>make[2]: *** [rfc1867.lo] Error 1
>make[2]: Leaving directory `/root/src/apache/php-4.0.2/main'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/root/src/apache/php-4.0.2/main'
>make: *** [all-recursive] Error 1
>
>any idea on what could be the problem?
>
>Or could you just direct me to the mailing list that I should be in.
>
>sorry for troubling you...cheers
>
>Zeev Suraski wrote:
> >
> > The initial fix published earlier did NOT fix the vulnerability that was
> > discovered, and could also cause crashes under certain circumstances. It
> > could also cause some applications to fail, due to a side effect that
> > prevents certain valid form variables from being processed correctly.
> >
> > The correct, tested fixed file (without any side effects) is available at
> >
> >
> http://cvsweb.php.net/viewcvs.cgi/~checkout~/php4/main/rfc1867.c?rev=1.45&content-type=text/plain
> >
> > The diff against version 4.0.2 is available at:
> >
> >
> http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
> >
> > It is also attached to this message.
> >
> > Thanks to James Moore for helping me test this fix.
> >
> > Zeev
> >
> > ------------------------------------------------------------------------
> > Name: rfc1867.c.diff
> > rfc1867.c.diff Type: unspecified type (application/octet-stream)
> > Encoding: base64
> >
> > ------------------------------------------------------------------------
> > --
> > Zeev Suraski <zeev@zend.com>
> > http://www.zend.com/
--
Zeev Suraski <zeev@zend.com>
http://www.zend.com/
