ghsa-9fcc-425m-g385_001.phpt - OpenGrok history log for /php-src/ext/standard/tests/general_functions/ghsa-9fcc-425m-g385

Revision	Date	Author	Comments
# 3892529f	03-Sep-2024	Christoph M. Becker	Close-GH 15685: improve proc_open error reporting on Windows While similar errors are already reported via `strerror()` on other platforms, this has apparently overlooked for Windows, wh Close-GH 15685: improve proc_open error reporting on Windows While similar errors are already reported via `strerror()` on other platforms, this has apparently overlooked for Windows, where only the error code has been reported so far. We adapt the affected test cases, but since there is no PHP userland function which allows us to get the current system locale, we work around. Closes GH-15687. show more ...
# 4b15f5d4	20-Apr-2024	Niels Dossche <7771979+nielsdos@users.noreply.github.com>	Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 The old code checked for suffixes but didn't take into account trailing whitespace. Furthermore, there is peculiar behaviour with trailing d Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874 The old code checked for suffixes but didn't take into account trailing whitespace. Furthermore, there is peculiar behaviour with trailing dots too. This all happens because of the special path-handling code inside CreateProcessW. By studying Wine's code, we can see that CreateProcessInternalW calls get_file_name [1] in our case because we haven't provided an application name. That code gets the first whitespace-delimited string into app_name excluding the quotes. It's then passed to create_process_params [2] where there is the path handling code that transforms the command line argument to an image path [3]. Inside Wine, the extension check if performed after these transformations [4]. By doing the same thing in PHP we match the behaviour and can properly match the extension even in the given edge cases. [1] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L542-L543 [2] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L565 [3] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L150-L151 [4] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L647-L654 show more ...

Revision

Date

Author

Comments

# 3892529f

03-Sep-2024

Christoph M. Becker

Close-GH 15685: improve proc_open error reporting on Windows

While similar errors are already reported via `strerror()` on other
platforms, this has apparently overlooked for Windows, wh

Close-GH 15685: improve proc_open error reporting on Windows

While similar errors are already reported via `strerror()` on other
platforms, this has apparently overlooked for Windows, where only the
error code has been reported so far.

We adapt the affected test cases, but since there is no PHP userland
function which allows us to get the current system locale, we work
around.

Closes GH-15687.

# 4b15f5d4

20-Apr-2024

Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874

The old code checked for suffixes but didn't take into account trailing
whitespace. Furthermore, there is peculiar behaviour with trailing d

Fix GHSA-9fcc-425m-g385: bypass CVE-2024-1874

The old code checked for suffixes but didn't take into account trailing
whitespace. Furthermore, there is peculiar behaviour with trailing dots
too. This all happens because of the special path-handling code inside
CreateProcessW.

By studying Wine's code, we can see that CreateProcessInternalW calls
get_file_name [1] in our case because we haven't provided an application
name. That code gets the first whitespace-delimited string into app_name
excluding the quotes. It's then passed to create_process_params [2]
where there is the path handling code that transforms the command line
argument to an image path [3]. Inside Wine, the extension check if
performed after these transformations [4]. By doing the same thing in
PHP we match the behaviour and can properly match the extension even in
the given edge cases.

[1] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L542-L543
[2] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L565
[3] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L150-L151
[4] https://github.com/wine-mirror/wine/blob/166895ae3ad3890ad946a309d0fd85e89ea3630e/dlls/kernelbase/process.c#L647-L654