[php-maint] Bug#869893: URL Parsing Problem
Rene Halberstadt
halberstadt at imageware.de
Thu Jul 27 12:35:08 UTC 2017
Package: php5
Version: 5.4.45-0+deb7u9
I found a bug in last update in url parsing when I will use fopen with sftp connection. Here a little sample script which works before the update and now ends with fopen(ssh2.sftp://Resource id #5//some remote file): failed to open stream:
<?php
$server = 'example.server';
$user = 'example_user';
$pass = 'example_pass';
$file = 'some remote file';
$connection = ssh2_connect($server, 22);
ssh2_auth_password($connection, $user, $pass);
$sftp = ssh2_sftp($connection);
$path = sprintf('%s%s',
ssh2_sftp_realpath($sftp, '.'),
$file);
$sftp_path = sprintf(
'ssh2.sftp://%s/%s',
$sftp, $path
);
$stat = ssh2_sftp_stat($sftp, $path);
$stream = fopen($sftp_path, 'r');
$size = $stat['size'];
$contents = '';
$read = 0;
$len = $size;
while ($read < $len && ($buf = fread($stream, $len - $read))) {
$read += strlen($buf);
$contents .= $buf;
}
file_put_contents('./test_down.pdf', $contents);
fclose($stream);
I think this error happens because of the following security bugfix
* CVE-2016-10397:
Incorrect handling of various URI components in the URL parser could be
used by attackers to bypass hostname-specific URL checks.
More information about the pkg-php-maint
mailing list