[Bug 655442] [NEW] memory content leak when using invalid utf-8 with XMLWriter::writeAttribute

Kees Cook kees at ubuntu.com
Wed Oct 6 02:44:42 BST 2010


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: php5

It seems that PHP is not correctly using libxml2's xmlwriter routines,
and allows passing in invalid utf-8 strings which are then misparsed by
libxml2, allowing memory contents to leak into the resulting output.

Actual output:
PHP Warning:  XMLWriter::writeAttribute(): string is not in UTF-8 in /tmp/xmlwriter.php on line 12
<input value="&#x40;&#xB1;�ˋ[����ĹJ���R���Q"/>

Expected output:
<input value="&#xe0;&#e81"/>

** Affects: php
     Importance: Unknown
         Status: Unknown

** Affects: php5 (Ubuntu)
     Importance: Low
         Status: Confirmed

** This bug has been flagged as a security vulnerability

-- 
memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
https://bugs.launchpad.net/bugs/655442
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.



More information about the Ubuntu-server-bugs mailing list