News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP Security Blog:
Chunk_split() Overflow not fixed at all...
June 05, 2007 @ 07:41:00

In this new post to the PHP Security blog, Stefan Esser points out that an issue that was previously marked as corrected - a problem with the chunk_split function - hasn't completely been corrected.

This [bugfix] fixes the chunk_split() overflow (found by SEC-CONSULT) that was according to the PHP 5.2.3 release notes already fixed. The original fix was however not only broken but complete nonsense. If you can read C you will see that the integer overflow was not fixed in PHP 5.2.3 but simply moved into a separate line and an additional bogus if clause was added.

Stefan includes a simple four line code example to illustrate his point.

0 comments voice your opinion now!
chunksplit overflow bug chunksplit overflow bug


blog comments powered by Disqus

Similar Posts

Pierre-Alain Joye's Blog: Windows fixes release for Zip, fopen(,"rb") may not be binary safe

Pierre-Alain Joye's Blog: Package Updates - Zip & htscanner

Johannes Schluter's Blog: References and foreach

Lukas Smith's Blog: back Is your chosen PHP framework on the PHP primary tester mailinglist?

Jamie Wong's Blog: Effective bugfixing techniques for PHP


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant composer framework package security opinion library laravel version interview community update podcast tool release introduction series language mvc symfony

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework