When a shell command returns a specially crafted string, I get an empty
array as $output of exec(), instead of the string. I can very easily
reproduce this issue as follows:

Put the following lines in bug.php:

<?php
exec('php echostr.php', $output);
print_r($output);
echo "\n";
?>

Then put the following in echostr.php (the string is just one line
actually, new lines may be inserted by this mail agent, I provide a link
below):

<?php   
echo 'a:25:{i:0;a:4:{s:4:"Date";s:6:"Aug
7";s:4:"Time";s:8:"16:00:01";s:7:"Process";s:16:"newsyslog[23117]";s:3:"Log";s:19:"logfile
 turned over";}i:1;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:76:"OpenVPN
 2.1_rc18 x86_64-unknown-openbsd4.5 [SSL] [LZO1] built on Jun 26 
2009";}i:2;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:102:"NOTE:
 OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined 
scripts or executables";}i:3;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:27:"LZO
 compression initialized";}i:4;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:63:"Control
 Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 
]";}i:5;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:70:"Data
 Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 
]";}i:6;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:39:"Local
 Options hash (VER=V4): \'41690919\'";}i:7;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:12:"openvpn[226]";s:3:"Log";s:49:"Expected
 Remote Options hash (VER=V4): \'530fdded\'";}i:8;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:48:"Socket
 Buffers: R=[41600->65536] S=[9216->65536]";}i:9;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:25:"UDPv4
 link local: [undef]";}i:10;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:43:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:38:"UDPv4
 link remote: 81.215.105.114:1194";}i:11;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:98:"TLS
 Error: TLS key negotiation failed to occur within 60 seconds (check your 
network connectivity)";}i:12;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:31:"TLS
 Error: TLS handshake failed";}i:13;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:23:"TCP/UDP:
 Closing socket";}i:14;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:52:"SIGUSR1[soft,tls-error]
 received, process restarting";}i:15;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:55";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:26:"Restart
 pause, 2 second(s)";}i:16;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:102:"NOTE:
 OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined 
scripts or executables";}i:17;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:24:"Re-using
 SSL/TLS context";}i:18;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:27:"LZO
 compression initialized";}i:19;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:63:"Control
 Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 
]";}i:20;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:70:"Data
 Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 
]";}i:21;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:39:"Local
 Options hash (VER=V4): \'41690919\'";}i:22;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:49:"Expected
 Remote Options hash (VER=V4): \'530fdded\'";}i:23;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:48:"Socket
 Buffers: R=[41600->65536] S=[9216->65536]";}i:24;a:4:{s:4:"Date";s:6:"Aug 
10";s:4:"Time";s:8:"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:25:"UDPv4
 link local: [undef]";}}';
?>

When you execute bug.php, you will get an empty array printed out:

Array
(
)

But actually, $output should have contained the string above as element
0 of the array.

If you delete or add a character in the string, exec() runs
correctly and you get the intended result. So the issue is specific to
this special string. You can download echostr.php contents at this link:
http://comixwall.org/dmdocuments/echostr

The problem is not with the size of the string, because much longer
strings are fine.

Also this issue does *not* exist with the passthru() and shell_exec()
functions and the backtick operator. Furthermore, the exec() return value, i.e.
the last line of shell command output, seems fine too (it contains the
string correctly). So I believe the issue is internal to exec(),
affecting $output contents only.

As you can guess, this string is in fact serialized openvpn startup log
lines (I just escaped the single quotes for testing purposes, that's
all), it is not some manually crafted string. Therefore, the chances are
quite high that I will get more than one similar situation in the
future, specifically every time the openvpn logs are rotated, and I
start openvpn.

I have confirmed this issue on OpenBSD, Linux, and Windows. Here are the
versions:

OpenBSD:
PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Mar  1 2009
10:26:06) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

Linux:
PHP 5.2.6-3ubuntu4.2 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21
2009 21:43:13) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

Windows:
PHP 5.2.11 (cli) (built: Sep 16 2009 19:39:46)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

Since the Windows version is without the Suhosin patch, Suhosin as the culprit is
ruled out. (Also, to test on Windows, I changed the exec shell command to
'php.exe echostr.php' of course.)

I would appreciate it if somebody could also confirm my observations, so
that I can file a bug report (please use the link above to download
echostr.php contents to be sure we are testing the same string). Or
else, if you have an explanation, I'd like to hear about it.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
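
A way to check the observations in the message above across many payload lengths, as an added example that is not part of the original post: each child process prints one unterminated line of a given length, and exec()'s $output is compared with shell_exec(), which the post reports as unaffected. The probe_length() and sweep() helpers and the default 4000 to 4200 range are assumptions of this example; pass another range on the command line.

```php
<?php
// Added example, not from the original post. Reports every payload length
// at which exec()'s $output differs from what shell_exec() returns.
// Assumptions: PHP >= 5.4 CLI (for PHP_BINARY); default range is arbitrary.

function probe_length($len)
{
    // The child prints $len 'x' characters on one line with no trailing
    // newline, the same shape of output as echostr.php in the report.
    $child = "echo str_repeat('x', " . (int) $len . ");";
    $cmd = escapeshellarg(PHP_BINARY) . ' -r ' . escapeshellarg($child);

    $output = array();
    $status = -1;
    $last = exec($cmd, $output, $status);  // $output is the value under test
    $reference = shell_exec($cmd);         // reported as unaffected

    return array(
        'len'       => (int) $len,
        'status'    => $status,
        'lines'     => count($output),
        'output_ok' => count($output) === 1 && $output[0] === $reference,
        'last_ok'   => $last === $reference,
    );
}

function sweep($from, $to)
{
    $failures = array();
    for ($len = $from; $len <= $to; $len++) {
        $r = probe_length($len);
        if ($r['status'] !== 0 || !$r['output_ok'] || !$r['last_ok']) {
            $failures[] = $r;
        }
    }
    return $failures;
}

$from = isset($argv[1]) ? (int) $argv[1] : 4000;
$to   = isset($argv[2]) ? (int) $argv[2] : 4200;
$failures = sweep($from, $to);
foreach ($failures as $r) {
    printf("len=%d status=%d lines=%d output_ok=%s last_ok=%s\n",
        $r['len'], $r['status'], $r['lines'],
        $r['output_ok'] ? 'yes' : 'no', $r['last_ok'] ? 'yes' : 'no');
}
printf("%d of %d lengths mismatched\n", count($failures), $to - $from + 1);
exit($failures ? 1 : 0);
```

A non-zero exit code means at least one length produced a mismatch, so the script can also serve as a regression check when comparing PHP builds.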
