当前位置：首页 > article >正文

PHP5.2下chunk_split()函数整数溢出漏洞分析

article 2026/4/9 4:00:17

受影响系统PHP PHP 5.2.3不受影响系统PHP PHP 5.2.3描述--------------------------------------------------------------------------------BUGTRAQ ID: 24261CVE(CAN) ID: CVE-2007-2872PHP是一种流行的WEB服务器端编程语言。PHP中的chunk_split函数在处理畸形参数时存在整数溢出漏洞本地攻击者可能利用此漏洞提升自己的权限。PHP中chunk_split函数的1963行试图为函数结果分配充分的内存大小但没有执行任何检查便使用了srclen和chunklen参数块。如果值的块和endlen大于65534字节的话就会触发整数溢出分配错误的内存大小导致堆溢出。ext/standard/string.c1953 static char *php_chunk_split(char *src, int srclen, char *end,int endlen, int chunklen, int *destlen)1954 {1955 char *dest;1956 char *p, *q;1957 int chunks; /* complete chunks! */1958 int restlen;19591960 chunks srclen / chunklen;1961 restlen srclen - chunks * chunklen; /* srclen % chunklen */19621963 dest safe_emalloc((srclen (chunks 1) * endlen 1),sizeof(char), 0);19641965 for (p src, q dest; p (src srclen - chunklen 1); ) {1966 memcpy(q, p, chunklen);1967 q chunklen;1968 memcpy(q, end, endlen);1969 q endlen;1970 p chunklen;1971 }*来源Gerhard Wagner*测试方法--------------------------------------------------------------------------------警告以下程序(方法)可能带有攻击性仅供安全研究与教学之用。使用者风险自负?$astr_repeat(A, 65535);$b1;$cstr_repeat(A, 65535);chunk_split($a,$b,$c);?建议--------------------------------------------------------------------------------厂商补丁PHP---my.oschina.net/u/3794224/blog/19550464my.oschina.net/u/3427593/blog/19550463my.oschina.net/u/3794224/blog/19550452my.oschina.net/u/3427593/blog/19550451my.oschina.net/u/3794224/blog/19550438my.oschina.net/u/3427593/blog/19550436my.oschina.net/u/3794224/blog/19550424my.oschina.net/u/3427593/blog/19550423my.oschina.net/u/3794224/blog/19550412my.oschina.net/u/3427593/blog/19550409my.oschina.net/u/3794224/blog/19550397my.oschina.net/u/3427593/blog/19550396my.oschina.net/u/3794224/blog/19550383my.oschina.net/u/3427593/blog/19550381my.oschina.net/u/3794224/blog/19550368my.oschina.net/u/3427593/blog/19550366my.oschina.net/u/3794224/blog/19550356my.oschina.net/u/3427593/blog/19550352my.oschina.net/u/3794224/blog/19550342my.oschina.net/u/3427593/blog/19550341my.oschina.net/u/3794224/blog/19550327my.oschina.net/u/3427593/blog/19550326my.oschina.net/u/3794224/blog/19550311my.oschina.net/u/3427593/blog/19550309my.oschina.net/u/3794224/blog/19550297my.oschina.net/u/3427593/blog/19550294my.oschina.net/u/3794224/blog/19550283my.oschina.net/u/3794224/blog/19550268my.oschina.net/u/3427593/blog/19550265my.oschina.net/u/3794224/blog/19550256my.oschina.net/u/3427593/blog/19550252my.oschina.net/u/3794224/blog/19550240my.oschina.net/u/3427593/blog/19550239my.oschina.net/u/3794224/blog/19550224my.oschina.net/u/3427593/blog/19550222my.oschina.net/u/3794224/blog/19550210my.oschina.net/u/3427593/blog/19550206my.oschina.net/u/3794224/blog/19550198my.oschina.net/u/3427593/blog/19550193my.oschina.net/u/3794224/blog/19550184my.oschina.net/u/3427593/blog/19550180my.oschina.net/u/3794224/blog/19550170my.oschina.net/u/3427593/blog/19550166my.oschina.net/u/3794224/blog/19550153my.oschina.net/u/3427593/blog/19550151my.oschina.net/u/3794224/blog/19550139my.oschina.net/u/3427593/blog/19550135my.oschina.net/u/3794224/blog/19550128my.oschina.net/u/3427593/blog/19550121my.oschina.net/u/3794224/blog/19550113my.oschina.net/u/3427593/blog/19550110my.oschina.net/u/3794224/blog/19550098my.oschina.net/u/3427593/blog/19550095my.oschina.net/u/3794224/blog/19550083my.oschina.net/u/3427593/blog/19550080my.oschina.net/u/3794224/blog/19550068my.oschina.net/u/3427593/blog/19550065my.oschina.net/u/3794224/blog/19550055my.oschina.net/u/3427593/blog/19550050my.oschina.net/u/3794224/blog/19550043my.oschina.net/u/3427593/blog/19550037my.oschina.net/u/3794224/blog/19550026my.oschina.net/u/3427593/blog/19550024my.oschina.net/u/3794224/blog/19550012my.oschina.net/u/3427593/blog/19550007my.oschina.net/u/3794224/blog/19549998my.oschina.net/u/3427593/blog/19549994my.oschina.net/u/3794224/blog/19549982my.oschina.net/u/3427593/blog/19549979my.oschina.net/u/3794224/blog/19549970my.oschina.net/u/3427593/blog/19549964my.oschina.net/u/3794224/blog/19549955my.oschina.net/u/3427593/blog/19549951my.oschina.net/u/3794224/blog/19549940my.oschina.net/u/3427593/blog/19549936my.oschina.net/u/3794224/blog/19549927my.oschina.net/u/3427593/blog/19549922my.oschina.net/u/3427593/blog/19549909my.oschina.net/u/3794224/blog/19549894my.oschina.net/u/3427593/blog/19549892my.oschina.net/u/3794224/blog/19549879my.oschina.net/u/3427593/blog/19549878my.oschina.net/u/3427593/blog/19549865my.oschina.net/u/3794224/blog/19549864my.oschina.net/u/3427593/blog/19549851my.oschina.net/u/3794224/blog/19549852my.oschina.net/u/3427593/blog/19549836my.oschina.net/u/3794224/blog/19549835my.oschina.net/u/3427593/blog/19549824my.oschina.net/u/3794224/blog/19549823my.oschina.net/u/3794224/blog/19549808my.oschina.net/u/3427593/blog/19549807my.oschina.net/u/3427593/blog/19549794my.oschina.net/u/3794224/blog/19549793my.oschina.net/u/3427593/blog/19549780my.oschina.net/u/3794224/blog/19549779my.oschina.net/u/3794224/blog/19549766my.oschina.net/u/3427593/blog/19549765my.oschina.net/u/3794224/blog/19549752my.oschina.net/u/3427593/blog/19549751my.oschina.net/u/3794224/blog/19549736my.oschina.net/u/3427593/blog/19549735my.oschina.net/u/3427593/blog/19549724my.oschina.net/u/3794224/blog/19549723my.oschina.net/u/3794224/blog/19549712my.oschina.net/u/3427593/blog/19549711my.oschina.net/u/3794224/blog/19549696my.oschina.net/u/3427593/blog/19549695my.oschina.net/u/3794224/blog/19549681my.oschina.net/u/3427593/blog/19549680my.oschina.net/u/3794224/blog/19549667my.oschina.net/u/3427593/blog/19549666my.oschina.net/u/3794224/blog/19549652my.oschina.net/u/3427593/blog/19549651my.oschina.net/u/3427593/blog/19549641my.oschina.net/u/3794224/blog/19549640my.oschina.net/u/3794224/blog/19549624my.oschina.net/u/3427593/blog/19549623my.oschina.net/u/3427593/blog/19549610my.oschina.net/u/3794224/blog/19549609my.oschina.net/u/3794224/blog/19549594my.oschina.net/u/3427593/blog/19549593my.oschina.net/u/3794224/blog/19549578my.oschina.net/u/3427593/blog/19549577my.oschina.net/u/3794224/blog/19549568my.oschina.net/u/3427593/blog/19549567my.oschina.net/u/3427593/blog/19549551my.oschina.net/u/3794224/blog/19549550my.oschina.net/u/3794224/blog/19549536my.oschina.net/u/3427593/blog/19549537my.oschina.net/u/3794224/blog/19549524my.oschina.net/u/3427593/blog/19549523my.oschina.net/u/3427593/blog/19549507my.oschina.net/u/3794224/blog/19549506my.oschina.net/u/3427593/blog/19549493my.oschina.net/u/3794224/blog/19549492my.oschina.net/u/3427593/blog/19549480my.oschina.net/u/3794224/blog/19549479my.oschina.net/u/3427593/blog/19549466my.oschina.net/u/3794224/blog/19549465my.oschina.net/u/3794224/blog/19549453my.oschina.net/u/3427593/blog/19549452my.oschina.net/u/3427593/blog/19549437my.oschina.net/u/3794224/blog/19549436my.oschina.net/u/3427593/blog/19549422my.oschina.net/u/3794224/blog/19549421my.oschina.net/u/3427593/blog/19549407my.oschina.net/u/3794224/blog/19549406my.oschina.net/u/3427593/blog/19549394my.oschina.net/u/3794224/blog/19549395my.oschina.net/u/3427593/blog/19549382my.oschina.net/u/3794224/blog/19549381my.oschina.net/u/3427593/blog/19549367my.oschina.net/u/3794224/blog/19549366my.oschina.net/u/3794224/blog/19549354my.oschina.net/u/3427593/blog/19549353my.oschina.net/u/3794224/blog/19549338

PHP5.2下chunk_split()函数整数溢出漏洞分析

相关文章：

PHP5.2下chunk_split()函数整数溢出漏洞分析

OpenClaw隐私保护：Qwen3.5-9B本地处理敏感数据的实践

论文阅读：arxiv 2026 From Assistant to Double Agent: Formalizing and Benchmarking Attacks on OpenClaw for

深入理解xcode-install的实现原理：Ruby CLI工具开发最佳实践

OpenClaw多通道接入：Qwen3-4B同时服务飞书与钉钉机器人

论文阅读：arxiv 2026 Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case S

ZString与System.Text.Json集成：零分配JSON序列化的终极方案

Mongoose OS项目部署清单：从开发到生产的完整流程

OpenClaw权限管理：千问3.5-35B-A3B-FP8操作范围最小化实践

打造 AI 冒险团：HagiCode 多 Agent 协作配置实战派

NBIO Websocket支持：通过Autobahn测试套件的完整指南

嵌入式飞控信号滤波：SMA/EMA/互补滤波与卡尔曼简化实现

如何用readme.so快速制作专业README：揭秘实时预览与Markdown同步技术

React Express渲染模式终极指南：Render Props与自定义Hook的对比分析

Go 限流器性能优化终极指南：避免缓存伪共享的 padding 策略

OpenClaw+百川2-13B量化模型：个人知识库自动整理实战指南

ExcelCPU安全指南：在电子表格中运行代码的5大风险与防护策略

开发者利器：OpenClaw+Qwen3.5-9B-AWQ-4bit自动生成UI设计文档

Braft Editor图片处理优化：拖拽调整大小与等比例缩放的终极指南

OpenClaw模型热切换方案：Qwen2.5-VL-7B与其他模型无缝交替使用

百川2-13B-4bits量化模型+OpenClaw：自动化测试报告生成器

色彩心理学与品牌情感：vibrant.js颜色提取终极指南 [特殊字符]

深入解析Doom3.gpl数学库：向量、矩阵与四元数的高效实现

AB测试中的因果推断陷阱：为什么你的随机化试验可能不靠谱？

【JEECG Boot】 JEECG Boot——Online表单系统性知识体系全解

Pagefind静态搜索库：10个关键技巧实现大规模网站的高效低带宽搜索

Python高效处理MDF/MF4数据的实战指南——asammdf深度解析

如何快速掌握 Dism++：Windows 系统优化的终极多语言解决方案

OpenClaw安全实践：Qwen3.5-9B本地化处理敏感数据

Dism++终极指南：如何用这款免费工具彻底优化Windows系统