View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001189 | Xdebug | Uncategorized | public | 2015-09-25 13:28 | 2015-12-07 11:32 |
| Reporter | techkey | Assigned To | derick | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Windows x64 | OS | Microsoft Windows 10 Pro | OS Version | 10.0.10240 Build |
| Target Version | 2.4.1 | Fixed in Version | 2.4.0rc2 | ||
| Summary | 0001189: Remove address attribute from remote debugging responses, as they sometimes get negative and expose potential security issues | ||||
| Description | Tests (e.g. bug00421.phpt) that check XML returns negative addresses in the address attribute. | ||||
| Steps To Reproduce | Run tests that check XML and look at the addresses. | ||||
| Additional Information | Has this to do with lines like: xdebug_xml_add_attribute_ex(node, "address", xdebug_sprintf("%ld", (long) val), 0, 1); in xdebug_var.c? Note the 'd' (signed integer) in "%ld". Negative address values are not filtered out in line 49 of dbgpclient.php (addresses shouldn't be negative in the first place). This happens in PHP5.6.13 with xdebug 2.3.3.1 (downloaded dll and built from source) and PHP7 with xdebug master (built from source). | ||||
| Tags | No tags attached. | ||||
| Operating System | Microsoft Windows 10 Pro 10.0.10240 Build 10240 x64 | ||||
| PHP Version | 5.1.0 | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-09-25 13:28 | techkey | New Issue | |
| 2015-11-20 17:56 | derick | PHP Version | 7.0RCx => 5.1.0 |
| 2015-11-20 17:56 | derick | Target Version | => 2.4.1 |
| 2015-12-02 23:00 | derick | Summary | Negative addresses in XML => Remove address attribute from remote debugging responses, as they sometimes get negative and expose potential security issues |
| 2015-12-02 23:03 | derick | Note Added: 0003281 | |
| 2015-12-02 23:03 | derick | Status | new => closed |
| 2015-12-02 23:03 | derick | Assigned To | => derick |
| 2015-12-02 23:03 | derick | Resolution | open => fixed |
| 2015-12-02 23:03 | derick | Fixed in Version | => 2.4.0 |
| 2015-12-07 11:32 | derick | Fixed in Version | 2.4.0 => 2.4.0rc2 |
| 2016-07-31 12:36 | derick | Category | Usage problems => Usage problems (Crashes) |
| 2016-07-31 12:38 | derick | Category | Usage problems (Crashes) => Usage problems (Wrong Results) |
| 2020-03-12 16:35 | derick | Category | Usage problems (Wrong Results) => Variable Display |
| 2020-03-12 16:38 | derick | Category | Variable Display => Uncategorized |
