

Commit 30810ed

security #cve-2024-50340 [Runtime] Do not read from argv on non-CLI SAPIs (wouterj)
This PR was merged into the 5.4 branch.
2 parents 99ef39e + a77b308 commit 30810ed


4 files changed

+29
-5
lines changed


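--- a/src/Symfony/Component/Runtime/SymfonyRuntime.php
+++ b/src/Symfony/Component/Runtime/SymfonyRuntime.php
@@ -95,7 +95,7 @@ public function __construct(array $options = [])
 
 if (isset($options['env'])) {
 $_SERVER[$envKey] = $options['env'];
-} elseif (isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
+} elseif (empty($_GET) && isset($_SERVER['argv']) && class_exists(ArgvInput::class)) {
 $this->options = $options;
 $this->getInput();
 }
@@ -216,6 +216,10 @@ protected static function register(GenericRuntime $runtime): GenericRuntime
 
 private function getInput(): ArgvInput
 {
+if (!empty($_GET) && filter_var(ini_get('register_argc_argv'), \FILTER_VALIDATE_BOOL)) {
+throw new \Exception('CLI applications cannot be run safely on non-CLI SAPIs with register_argc_argv=On.');
+}
+
 if (null !== $this->input) {
 return $this->input;
 }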
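Review bot: The two new guards use different conditions and neither records why `$_GET` is the non-CLI signal: the `elseif` at new line 98 keys on `empty($_GET)` alone, while the check at new lines 219-221 additionally requires `register_argc_argv` to be enabled, so a reader cannot tell whether the asymmetry is intentional. A comment above the `elseif`, e.g. `// Only parse argv on the CLI: with register_argc_argv=On a web SAPI fills $_SERVER['argv'] from the query string`, would record the rationale (presumably `$_GET` is used instead of `\PHP_SAPI` so the phpt fixtures can emulate a web SAPI — confirm). The exception at new line 220 is a bare `\Exception`; `throw new \RuntimeException(...)` (or a Runtime component exception) would let callers distinguish it from unrelated failures. Both __construct and getInput() continue outside the hunk.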

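--- a/src/Symfony/Component/Runtime/Tests/phpt/kernel.php
+++ b/src/Symfony/Component/Runtime/Tests/phpt/kernel.php
@@ -17,19 +17,21 @@
 
 class TestKernel implements HttpKernelInterface
 {
+private $env;
 private $var;
 
-public function __construct(string $var)
+public function __construct(string $env, string $var)
 {
+$this->env = $env;
 $this->var = $var;
 }
 
 public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true): Response
 {
-return new Response('OK Kernel '.$this->var);
+return new Response('OK Kernel (env='.$this->env.') '.$this->var);
 }
 }
 
 return function (array $context) {
-return new TestKernel($context['SOME_VAR']);
+return new TestKernel($context['APP_ENV'], $context['SOME_VAR']);
 };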

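--- a/src/Symfony/Component/Runtime/Tests/phpt/kernel.phpt
+++ b/src/Symfony/Component/Runtime/Tests/phpt/kernel.phpt
@@ -9,4 +9,4 @@ require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
 
 ?>
 --EXPECTF--
-OK Kernel foo_bar
+OK Kernel (env=dev) foo_bar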
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
--TEST--
2+
Test HttpKernelInterface with register_argc_argv=1
3+
--INI--
4+
display_errors=1
5+
register_argc_argv=1
6+
--FILE--
7+
<?php
8+
9+
// emulating PHP behavior with register_argc_argv=1
10+
$_GET['-e_test'] = '';
11+
$_SERVER['argc'] = 1;
12+
$_SERVER['argv'] = [' ', '-e', 'test'];
13+
14+
require $_SERVER['SCRIPT_FILENAME'] = __DIR__.'/kernel.php';
15+
16+
?>
17+
--EXPECTF--
18+
OK Kernel (env=dev) foo_bar
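Review bot: This fixture only exercises the constructor guard — with `$_GET` non-empty the emulated `-e test` in `$_SERVER['argv']` is ignored and the env stays `dev` — while the exception path added to getInput() ('CLI applications cannot be run safely...') is not covered by any test in this commit. A second phpt with the same `$_GET` / `$_SERVER['argc']` / `$_SERVER['argv']` emulation but a fixture that returns a console Application or Command, with `--EXPECTF--` matching that message, would pin the throwing behaviour (presumably getInput() is reached on that path when a runner is resolved — confirm). The file name of this new section is not shown on the rendered page, so the path is taken from the neighbouring kernel.phpt by inference only.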
