Ubuntu
php5 package

[regression] stream_get_wrappers broken

Bug #87481 reported by Piotr Szczepanik
254
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Invalid
Undecided
Unassigned
Breezy
Fix Released
Undecided
Martin Pitt
Dapper
Fix Released
Undecided
Martin Pitt
Edgy
Fix Released
Undecided
Martin Pitt

Bug Description

Binary package hint: php5

var_dump(stream_get_wrappers());

produces:
array
  0 => string 'ph' (length=2)
  1 => string 'fil' (length=2)
  2 => string 'htt' (length=3)
  3 => string 'ft' (length=2)
  4 => string 'compress.bzip' (length=13)
  5 => string 'compress.zli' (length=12)
  6 => string 'http' (length=4)
  7 => string 'ftp' (length=3)

should produce:
array
  0 => string 'php' (length=3)
  1 => string 'file' (length=4)
  2 => string 'http' (length=4)
  3 => string 'ftp' (length=3)
  4 => string 'compress.bzip2' (length=14)
  5 => string 'compress.zlib' (length=13)
  6 => string 'https' (length=5)
  7 => string 'ftps' (length=4)

One last char is missing in each array element. phpinfo() presents correct "Registered PHP Streams".
After downgrading to "5.1.6-1ubuntu2" works as it is supposed to.

Introduced probably with:
" * Add debian/patches/CVE-2007-0906_streams.patch:
    - Buffer overflows in the stream filters functions.
    - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
    - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99"

Revision history for this message
Kees Cook (kees) wrote : Re: [regression] stream_get_wrappers broken in php5 5.1.6-1ubuntu2.2

From #ubuntu-devel:

16:18 < impl> keescook: http://cvs.php.net/viewvc.cgi/php-src/main/streams/streams.c?r1=1.82.2.6.2.9&r2=1.82.2.6.2.10&pathrev=php_5_2_1
16:18 < impl> That's the missing changeset
16:18 < impl> I believe, anyway.
16:19 < keescook> impl: and I can test for the breakage/fix just by looking at stream_get_wrappers()'s output?
16:19 < impl> Yep
16:19 < keescook> okay, cool. Thanks!

Revision history for this message
Kees Cook (kees) wrote :

Rejecting devel task, this is only in Breezy, Dapper, Edgy.

Changed in php5:
status: Unconfirmed → Rejected
assignee: nobody → pitti
status: Unconfirmed → In Progress
assignee: nobody → pitti
status: Unconfirmed → In Progress
assignee: nobody → pitti
status: Unconfirmed → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Fixed packages for all releases prepared, tested, and uploaded. Will publish once everything is built.

Changed in php5:
status: In Progress → Fix Committed
Revision history for this message
Kees Cook (kees) wrote :

Fixes published as USN-424-2, available on the archives shortly.

Changed in php5:
status: Fix Committed → Fix Released
status: In Progress → Fix Released
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.