ID: 40746
Updated by: [EMAIL PROTECTED]
Reported By: youza at post dot cz
Status: Assigned
Bug Type: MSSQL related
Operating System: Windows
PHP Version: 4.4.6
Assigned To: fmk

New Comment:

This is a problem with the dbopen() function in Microsoft's ntdblib library, and not a problem within the PHP extension. I'll add some length checks to the host parameter for mssql_connect() and mssql_pconnect() to prevent this from happening. The problem does not exist in php_dblib.dll (the same extension compiled with the FreeTDS version of the dblib library).

Previous Comments:
------------------------------------------------------------------------

[2007-03-07 09:45:54] youza at post dot cz

Description:
------------
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass

Reproduce code:
---------------
See http://www.securityfocus.com/archive/1/462010/30/0/threaded
or original url:
http://retrogod.altervista.org/php_446_mssql_connect_bof.html

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=40746&edit=1