Chunk_split() Overflow not fixed at all…

June 4, 2007
By

If you are one of the guys who read the PHP CVS commits, you usually know about the security bugs months before the rest of the community, and this is no news for you. During the last 24h the following fix was merged into the PHP CVS:
Corrected fix for CVE-2007-2872
This fixes the chunk_split() overflow that was, according to the PHP 5.2.3 release notes, already fixed. The original fix was, however, not only broken but complete nonsense. If you can read C, you will see that the integer overflow was not fixed in PHP 5.2.3 but simply moved into a separate line, and an additional bogus if clause was added.
You can test this yourself with the following code:
<?php
$a = str_repeat("A", 65537);   // body: 65537 bytes
$b = 1;                        // chunklen: one byte per chunk
$c = str_repeat("A", 65537);   // ending: 65537 bytes appended after every chunk
chunk_split($a, $b, $c);
?>
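To see why exactly these three values matter, here is an added example (my own illustration, not PHP's source; the length formula is a simplified model of what chunk_split() has to allocate, and the function names are hypothetical) that contrasts an unchecked 32-bit length computation with an overflow-checked one, using the inputs from the one-liner above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the result size of chunk_split(body, chunklen, ending):
 * the body plus one copy of "ending" after every full chunk and after
 * any trailing partial chunk. Simplified; not the actual PHP code. */

/* Unchecked variant in 32-bit arithmetic, as a 32-bit build of 2007 would
 * compute it. The multiplication wraps silently, so the caller allocates a
 * buffer far smaller than the ~4 GB the output actually needs. */
static uint32_t naive_result_len(uint32_t srclen, uint32_t chunklen, uint32_t endlen)
{
    uint32_t chunks = srclen / chunklen + (srclen % chunklen ? 1u : 0u);
    return srclen + chunks * endlen;   /* wraps modulo 2^32 */
}

/* Checked variant: every step is tested before it can overflow, and the
 * final size is also compared against an allocator limit (INT_MAX here,
 * the largest length a signed 32-bit string API could carry). */
static bool checked_result_len(size_t srclen, size_t chunklen, size_t endlen,
                               size_t limit, size_t *out)
{
    if (chunklen == 0)
        return false;                          /* chunk length must be > 0 */
    size_t chunks = srclen / chunklen + (srclen % chunklen ? 1 : 0);
    if (endlen != 0 && chunks > SIZE_MAX / endlen)
        return false;                          /* chunks * endlen would wrap */
    size_t extra = chunks * endlen;
    if (extra > SIZE_MAX - srclen)
        return false;                          /* srclen + extra would wrap */
    size_t total = srclen + extra;
    if (total > limit)
        return false;                          /* too large for the API */
    *out = total;
    return true;
}

int main(void)
{
    size_t ok_len = 0;
    /* Values from the proof-of-concept: body 65537, chunklen 1, ending 65537. */
    printf("naive length: %u\n", naive_result_len(65537, 1, 65537));
    printf("checked: %s\n",
           checked_result_len(65537, 1, 65537, INT_MAX, &ok_len) ? "ok" : "rejected");
    return 0;
}
```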

So my recent posting that was called marketing FUD is even more true.
PS: I wonder if SEC-CONSULT was the one that reported that the fix is no fix at all, or if it was one of the Linux distributors. The Linux distributors and their regression tests are always a good way to check whether bugs are fixed correctly.


Read more at blog-admin@nopiracy.de (Stefan Esser)
