| Integer overflow in PHP socket_iovec_alloc() function
Author : Sir Mordred <firstname.lastname@example.org>
//@(#) Mordred Security Labs advisory
Release date: March 25, 2003
Name: Integer overflow in PHP socket_iovec_alloc() function
Versions affected: < 4.3.2
Conditions: PHP must be compiled with --enable-sockets option, which is
turned off by default
Author: Sir Mordred (email@example.com)
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.
The PHP socket extension implements a low-level interface to the socket
communication functions based on the popular BSD sockets, providing the
possibility to act as a socket server as well as a client...
To enable this extenstion PHP should be compiled with --enable-sockets
There exists an integer overflow in socket_iovec_alloc() function.
When requestiong the following php script, a httpd child will die with
the error message: child pid <pidnum> exit signal Segmentation fault
$ cat t.php
III. Platforms tested
Linux 2.4 with Apache 1.3.27 / PHP 4.3.1
Don't use the sockets extension.
IV. Vendor response
Vendor notified, issue will be fixed in PHP 4.3.2.