Closed Jan-E closed 7 months ago
ping @remicollet
C:>php -doutput_buffering=0 run-tests.php ext/standard/tests/general_functions\ghsa-pc52-254m-w9w7*.phpt -q --show-diff
=====================================================================
PHP : x64\Release\php-7.4.33\php.exe
PHP_SAPI : cli
PHP_VERSION : 7.4.33
ZEND_VERSION: 3.4.0
PHP_OS : WINNT - Windows NT X220I7 10.0 build 19045 (Windows 10) AMD64
INI actual : x64\Release\php-7.4.33\php.ini
More .INIs :
---------------------------------------------------------------------
PHP : x64\Release\php-7.4.33\phpdbg.exe
PHP_SAPI : phpdbg
PHP_VERSION : 7.4.33
ZEND_VERSION: 3.4.0
PHP_OS : WINNT - Windows NT X220I7 10.0 build 19045 (Windows 10) AMD64
INI actual : x64\Release\php-7.4.33\php.ini
More .INIs :
---------------------------------------------------------------------
CWD : x64\Release\php-7.4.33
Extra dirs :
VALGRIND : Not used
=====================================================================
Running selected tests.
PASS GHSA-54hq-v5wp-fqgv - proc_open does not correctly escape args for bat files [ext/standard/tests/general_functions\ghsa-pc52-254m-w9w7_1.phpt]
PASS GHSA-54hq-v5wp-fqgv - proc_open does not correctly escape args for cmd files [ext/standard/tests/general_functions\ghsa-pc52-254m-w9w7_2.phpt]
PASS GHSA-54hq-v5wp-fqgv - proc_open does not correctly escape args for cmd executing batch files [ext/standard/tests/general_functions\ghsa-pc52-254m-w9w7_3.phpt]
=====================================================================
Number of tests : 3 3
Tests skipped : 0 ( 0.0%) --------
Tests warned : 0 ( 0.0%) ( 0.0%)
Tests failed : 0 ( 0.0%) ( 0.0%)
Tests passed : 3 (100.0%) (100.0%)
---------------------------------------------------------------------
Time taken : 6 seconds
=====================================================================
Merged!
Thanks for Windows users ;)
Backport CVE-2024-1874: Command injection via array-ish $command parameter of proc_open

See https://github.com/remicollet/php-src-security/issues/14