Is PHP buffer overflow possible?

Surfer on the fall · Aug 5, 2012 · Viewed 20k times

Possible Duplicate:
How to conduct buffer overflow in PHP/Python?

I was reading this tutorial when I came across this:

A buffer overflow attack seeks to overflow the memory allocation buffer inside your PHP application or, more seriously, in Apache or the underlying operating system. Remember that you may be using a high-level language like PHP to code your Web applications, but at the end of the day, you're calling C (in the case of Apache) to do work. And C, like most low-level languages, has strict rules about allocation of memory..

What? I knew that PHP was well error-checked and so buffer overflow wasn't possible. Should I check user input length to avoid too big a data flow? Thank you very much.

Answer

Esailija · Aug 5, 2012

Yes, it is, and in the current change log there have been 15 bug fixes related to it:

  • Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
  • Fixed buffer overflow on overlong salt in crypt(). (Clément LECIGNE, Stas
  • Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false).
  • Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. (Andrey)
  • Fixed possible buffer overflows when handling error packets in mysqlnd. Reported by Stefan Esser. (Andrey)
  • Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre)
  • Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) (Dmitry)
  • Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (Ilia)
  • Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (Stas)
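
An added illustration, not part of the original answer and not PHP source code: a hypothetical C helper of the kind that sits behind a script-level call, staging a script-supplied salt in a fixed buffer, first with no bound and then with the length validated in the C layer. The names `stage_salt_unchecked` and `stage_salt_checked` and the 16-byte `SALT_MAX` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SALT_MAX 16   /* constructed buffer size, not a real PHP constant */

/* BEFORE (hypothetical): no bound on the copy. A salt of SALT_MAX bytes
 * or more writes past buf, whatever the calling script intended. */
size_t stage_salt_unchecked(const char *salt, char *out)
{
    char buf[SALT_MAX];
    strcpy(buf, salt);
    strcpy(out, buf);
    return strlen(out);
}

/* AFTER (hypothetical): the length is checked against both buffers before
 * any byte is copied. The length is passed in because script strings carry
 * an explicit length. Returns 0 on success, -1 if the salt does not fit. */
int stage_salt_checked(const char *salt, size_t salt_len,
                       char *out, size_t out_size, size_t *written)
{
    char buf[SALT_MAX];

    if (salt == NULL || out == NULL || written == NULL)
        return -1;
    if (salt_len >= sizeof(buf) || salt_len >= out_size)
        return -1;                 /* reject rather than truncate silently */
    memcpy(buf, salt, salt_len);
    buf[salt_len] = '\0';
    memcpy(out, buf, salt_len + 1);
    *written = salt_len;
    return 0;
}

int main(void)
{
    char out[SALT_MAX];
    size_t n = 0;
    const char *ok = "$1$abcdefgh";                        /* constructed, 11 bytes */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 32 bytes */

    printf("fits:     %d\n", stage_salt_checked(ok, strlen(ok), out, sizeof out, &n));
    printf("overlong: %d\n", stage_salt_checked(big, strlen(big), out, sizeof out, &n));
    return 0;
}
```

The script author cannot see `SALT_MAX`, which is why the changelog entries above are fixes inside the native code rather than advice to callers.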