Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure throughPHP file upload

[Zeev Suraski <zeev () zend com>]

True, you need to update another file as well (./main/php_globals.h):

===================================================================
RCS file: /repository/php4/main/php_globals.h,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- php4/main/php_globals.h     2000/07/04 09:15:06     1.53
+++ php4/main/php_globals.h     2000/09/04 19:07:50     1.54
@@ -94,6 +94,8 @@
        char *gpc_order;
        char *variables_order;

+       HashTable rfc1867_protected_variables;
+
        short connection_status;
        short ignore_user_abort;

Sorry about that.

Zeev

At 07:07 05/09/2000, shaoming wrote:

> Hi!
>
> try building but compiler coughs out the following error:
>
> rfc1867.c: In function `add_protected_variable':
> rfc1867.c:40: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c: In function `is_protected_variable':
> rfc1867.c:46: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c: In function `php_mime_split':
> rfc1867.c:103: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:142: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:145: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:154: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:183: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:191: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:237: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:281: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:326: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:342: structure has no member named
> `rfc1867_protected_variables'
> rfc1867.c:390: structure has no member named
> `rfc1867_protected_variables'
> make[2]: *** [rfc1867.lo] Error 1
> make[2]: Leaving directory `/root/src/apache/php-4.0.2/main'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/src/apache/php-4.0.2/main'
> make: *** [all-recursive] Error 1
>
> any idea on what could be the problem?
>
> Or could you just direct me to the mailing list that I should be in.
>
> sorry for troubling you...cheers
>
> Zeev Suraski wrote:
> >
> > The initial fix published earlier did NOT fix the vulnerability that was
> > discovered, and could also cause crashes under certain circumstances.  It
> > could also cause some applications to fail, due to a side effect that
> > prevents certain valid form variables from being processed correctly.
> >
> > The correct, tested fixed file (without any side effects) is available at
> >
> >
> http://cvsweb.php.net/viewcvs.cgi/~checkout~/php4/main/rfc1867.c?rev=1.45&content-type=text/plain
> >
> > The diff against version 4.0.2 is available at:
> >
> >
> http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
> >
> > It is also attached to this message.
> >
> > Thanks to James Moore for helping me test this fix.
> >
> > Zeev
> >
> >   ------------------------------------------------------------------------
> >                      Name: rfc1867.c.diff
> >    rfc1867.c.diff    Type: unspecified type (application/octet-stream)
> >                  Encoding: base64
> >
> >   ------------------------------------------------------------------------
> > --
> > Zeev Suraski   <zeev () zend com>
> > http://www.zend.com/

--
Zeev Suraski   <zeev () zend com>
http://www.zend.com/