Edit report at https://bugs.php.net/bug.php?id=60677&edit=1

 ID:                 60677
 Updated by:         dtajchre...@php.net
 Reported by:        pasamio at gmail dot com
 Summary:            CGI doesn't properly validate shebang line contains
                     #!
-Status:             Bogus
+Status:             Verified
 Type:               Bug
 Package:            CGI/CLI related
 Operating System:   N/A
 PHP Version:        trunk-SVN-2012-01-07 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

I completely misunderstood what you were saying... forgive me. :) Taking a
second look, you're right... the logic only checks the first character when
cgi.check_shebang_line = 1.


Previous Comments:
------------------------------------------------------------------------
[2012-01-07 05:20:05] dtajchre...@php.net

Lines that begin with a hash tag can also be comments... 

# This is a comment... <?php echo 'None of this will appear!' ?>

http://us.php.net/manual/en/language.basic-syntax.comments.php

------------------------------------------------------------------------
[2012-01-07 02:43:13] pasamio at gmail dot com

This appears to have been introduced with this change:

http://svn.php.net/viewvc/php/php-src/trunk/sapi/cgi/cgi_main.c?r1=288080&r2=288081&

------------------------------------------------------------------------
[2012-01-07 02:39:51] pasamio at gmail dot com

Description:
------------
When running in CGI, PHP attempts to look for a shebang. However there is a bug 
where if the first character of the first line is a hash character/pound 
character (#), PHP doesn't validate that the next character is an exclamation 
mark and thus a properly formed shebang line (e.g. #!). Instead PHP just skips 
the entire line ignoring any PHP code that might be on that line.

The code in question from a quick examination appears to be here in trunk:
http://svn.php.net/viewvc/php/php-src/trunk/sapi/cgi/cgi_main.c?revision=321634&view=markup

On lines 2361, 2379 and 2396.

And on the PHP 5.4 branch:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c?revision=321634&view=markup

On lines 2362, 2380 and 2397.

This has been replicated on PHP 5.3.3 and PHP 5.3.5 as well as being in current 
trunk.

Test script:
---------------
#<?php echo "Hello World\n"; ?>
Second line.

Expected result:
----------------
X-Powered-By: PHP/5.3.3-7+squeeze3
Content-type: text/html

#Hello World
Second line.

Actual result:
--------------
X-Powered-By: PHP/5.3.3-7+squeeze3
Content-type: text/html

Second line.


------------------------------------------------------------------------
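
The check described in the report, as an added example that is not part of the bug thread and is not code from php-src: a simplified C model of the first-line skip, comparing a test on the first character only with a test for the full "#!" prefix. The function names and the second sample script are assumptions made for illustration; the first sample is the report's test script.

```c
#include <stdio.h>
#include <string.h>

/* Test script from the report, and a constructed script with a real shebang. */
static const char REPORT_SCRIPT[]  = "#<?php echo \"Hello World\\n\"; ?>\nSecond line.\n";
static const char SHEBANG_SCRIPT[] = "#!/usr/bin/php-cgi\r\n<?php echo 1; ?>\n";

/* Offset just past the first line; accepts \n, \r\n and a bare \r. */
static size_t end_of_first_line(const char *src)
{
    size_t i = strcspn(src, "\r\n");
    if (src[i] == '\r') i++;
    if (src[i] == '\n') i++;
    return i;
}

/* Behaviour the report describes: a leading '#' alone causes the skip. */
size_t skip_offset_first_char_only(const char *src)
{
    return (src[0] == '#') ? end_of_first_line(src) : 0;
}

/* Stricter check: skip only when the line really starts with "#!". */
size_t skip_offset_require_shebang(const char *src)
{
    /* src[1] is read only after src[0] == '#', so it is at worst the NUL. */
    return (src[0] == '#' && src[1] == '!') ? end_of_first_line(src) : 0;
}

int main(void)
{
    const char *samples[] = { REPORT_SCRIPT, SHEBANG_SCRIPT };
    for (size_t i = 0; i < 2; i++) {
        const char *s = samples[i];
        printf("sample %zu\n", i);
        printf("  first-char-only parses from: %s", s + skip_offset_first_char_only(s));
        printf("  require-shebang parses from: %s", s + skip_offset_require_shebang(s));
    }
    return 0;
}
```

With the first-character test, the report's script loses its whole first line, PHP block included; with the "#!" test, only the genuine shebang line is dropped.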


