Date: Fri, 8 Aug 2008 15:01:44 +0100
From: Joe Orton <jorton@...hat.com>
To: oss-security@...ts.openwall.com
Cc: jorton@...hat.com
Subject: Re: CVE request: php-5.2.6 overflow issues

On Fri, Aug 08, 2008 at 03:31:45PM +0200, Christian Hoffmann wrote:
> * Overflow in ext/gd's imageloadfont() function
> * Overflow in php's internal memnstr() function which is exposed
> to userspace as "explode()"
>
> As those functions might take user-supplied data in certain webapps
> (which is a valid use case at least in case of explode()), those issues
> should probably be expected to be remotely exploitable.

The explode() bug could only be triggered if a script passed a delimiter
from untrusted script input without sanitizing/checking it first, which
is fairly pathological behaviour. I would call that a script bug, not an
issue in the PHP interpreter.

e.g. looking through the first ~80 hits from:

http://www.google.com/codesearch?hl=en&q=+lang:php+explode\+*\(&start=70&sa=N

as expected, every explode() call uses a constant/trusted delimiter.

Regards, Joe

(please CC me on replies)
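The code-search check Joe describes above (whether any explode() call site takes its delimiter from something other than a constant) can be automated for a local code base. The script below is an added example written for this page, not part of the original email or of PHP itself; the PHP source it scans is a constructed sample. It treats a quoted string without "$" interpolation or an upper-case constant name as a trusted delimiter and reports every other first argument for manual review. It is a scanning heuristic, not a PHP parser: it does not resolve variables, so a variable that happens to hold a constant is still reported.

```python
import re

# Constructed sample PHP source, covering the call shapes an auditor meets:
# literal delimiters, a named constant, and delimiters taken from variables.
SAMPLE_PHP = r'''<?php
$parts = explode(",", $line);                 // literal delimiter
$fields = explode( "\t", trim($row) );        // literal with escape
$bits = explode(DELIM, $data);                // named constant
$user = explode($_GET['sep'], $data);         // request-controlled delimiter
$sep = $_POST['sep'];
$more = explode($sep, $data);                 // variable delimiter
$x = explode("$prefix,", $data);              // interpolated string
'''

_CALL = re.compile(r'\bexplode\s*\(')
_SINGLE = re.compile(r"^'(?:[^'\\]|\\.)*'$")          # 'literal'
_DOUBLE = re.compile(r'^"(?:[^"\\$]|\\.)*"$')         # "literal" with no $ interpolation
_CONST = re.compile(r'^[A-Z_][A-Z0-9_]*$')            # NAMED_CONSTANT


def _first_argument(src: str, pos: int) -> str:
    """Return the text of the first argument of a call, scanning from just
    after its opening '(' up to the first top-level ',' or the closing ')'.
    Quotes and nested brackets are tracked so commas inside them are ignored."""
    depth = 0
    quote = None
    i = pos
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == '\\':          # skip escaped character inside a string
                i += 2
                continue
            if ch == quote:
                quote = None
        elif ch in ('"', "'"):
            quote = ch
        elif ch in '([{':
            depth += 1
        elif ch in ')]}':
            if depth == 0:
                break
            depth -= 1
        elif ch == ',' and depth == 0:
            break
        i += 1
    return src[pos:i].strip()


def is_trusted_delimiter(arg: str) -> bool:
    """A delimiter is considered trusted when it is a plain string literal or a
    named constant; anything else comes from runtime data and needs review."""
    return bool(_SINGLE.match(arg) or _DOUBLE.match(arg) or _CONST.match(arg))


def find_untrusted_explode_calls(src: str):
    """Return (line_number, delimiter_text) for every explode() call whose
    delimiter argument is not a literal or a named constant."""
    findings = []
    for m in _CALL.finditer(src):
        arg = _first_argument(src, m.end())
        if not is_trusted_delimiter(arg):
            line = src.count('\n', 0, m.start()) + 1
            findings.append((line, arg))
    return findings


if __name__ == '__main__':
    for line, arg in find_untrusted_explode_calls(SAMPLE_PHP):
        print(f'line {line}: explode() delimiter is not constant: {arg}')
```

Run against a real tree, the reported lines are the call sites where a delimiter is derived from runtime data; each one either needs the delimiter replaced by a constant or a check that rejects empty or unexpected values before the call. A result of no findings matches what Joe observed in the code search: the typical explode() call takes a constant delimiter.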