Bugtraq mailing list archives
Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure throughPHP file upload
From: Zeev Suraski <zeev () zend com>
Date: Tue, 5 Sep 2000 07:23:24 +0300
True, you need to update another file as well (./main/php_globals.h): =================================================================== RCS file: /repository/php4/main/php_globals.h,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- php4/main/php_globals.h 2000/07/04 09:15:06 1.53 +++ php4/main/php_globals.h 2000/09/04 19:07:50 1.54 @@ -94,6 +94,8 @@ char *gpc_order; char *variables_order; + HashTable rfc1867_protected_variables; + short connection_status; short ignore_user_abort; Sorry about that. Zeev At 07:07 05/09/2000, shaoming wrote:
Hi! try building but compiler coughs out the following error: rfc1867.c: In function `add_protected_variable': rfc1867.c:40: structure has no member named `rfc1867_protected_variables' rfc1867.c: In function `is_protected_variable': rfc1867.c:46: structure has no member named `rfc1867_protected_variables' rfc1867.c: In function `php_mime_split': rfc1867.c:103: structure has no member named `rfc1867_protected_variables' rfc1867.c:142: structure has no member named `rfc1867_protected_variables' rfc1867.c:145: structure has no member named `rfc1867_protected_variables' rfc1867.c:154: structure has no member named `rfc1867_protected_variables' rfc1867.c:183: structure has no member named `rfc1867_protected_variables' rfc1867.c:191: structure has no member named `rfc1867_protected_variables' rfc1867.c:237: structure has no member named `rfc1867_protected_variables' rfc1867.c:281: structure has no member named `rfc1867_protected_variables' rfc1867.c:326: structure has no member named `rfc1867_protected_variables' rfc1867.c:342: structure has no member named `rfc1867_protected_variables' rfc1867.c:390: structure has no member named `rfc1867_protected_variables' make[2]: *** [rfc1867.lo] Error 1 make[2]: Leaving directory `/root/src/apache/php-4.0.2/main' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/root/src/apache/php-4.0.2/main' make: *** [all-recursive] Error 1 any idea on what could be the problem? Or could you just direct me to the mailing list that I should be in. sorry for troubling you...cheers Zeev Suraski wrote: > > The initial fix published earlier did NOT fix the vulnerability that was > discovered, and could also cause crashes under certain circumstances. It > could also cause some applications to fail, due to a side effect that > prevents certain valid form variables from being processed correctly. > > The correct, tested fixed file (without any side effects) is available at > > http://cvsweb.php.net/viewcvs.cgi/~checkout~/php4/main/rfc1867.c?rev=1.45&content-type=text/plain > > The diff against version 4.0.2 is available at: > > http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u > > It is also attached to this message. > > Thanks to James Moore for helping me test this fix. > > Zeev > > ------------------------------------------------------------------------ > Name: rfc1867.c.diff > rfc1867.c.diff Type: unspecified type (application/octet-stream) > Encoding: base64 > > ------------------------------------------------------------------------ > -- > Zeev Suraski <zeev () zend com> > http://www.zend.com/
-- Zeev Suraski <zeev () zend com> http://www.zend.com/
Current thread:
- (SRADV00001) Arbitrary file disclosure through PHP file upload Secure Reality Advisories (Sep 03)
- Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Signal 11 (Sep 04)
- Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Rasmus Lerdorf (Sep 04)
- Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Zeev Suraski (Sep 04)
- Message not available
- Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure throughPHP file upload Zeev Suraski (Sep 04)
- Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Rasmus Lerdorf (Sep 04)
- Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Signal 11 (Sep 04)