ID:               40746
 Updated by:       [EMAIL PROTECTED]
 Reported By:      youza at post dot cz
 Status:           Assigned
 Bug Type:         MSSQL related
 Operating System: Windows
 PHP Version:      4.4.6
 Assigned To:      fmk
 New Comment:

This is a problem with the dbopen() function in Microsofts ntdblib
library, and not a problem within the PHP extension.

I'll add some length checks to the host parameter for mssql_connect()
and mssql_pconnect() to prevent this from happening.

The problem does not exists in php_dblib.dll (the same extension
compiled with FreeTDS version of the dblib library).



Previous Comments:
------------------------------------------------------------------------

[2007-03-07 09:45:54] youza at post dot cz

Description:
------------
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow
and safe_mode bypass


Reproduce code:
---------------
See
http://www.securityfocus.com/archive/1/462010/30/0/threaded
or
original url:
http://retrogod.altervista.org/php_446_mssql_connect_bof.html



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=40746&edit=1

Reply via email to