Possible duplicate:How is buffer overflow in PHP / Python?
I read this tutorial when I came to this:
A buffer overflow attack is aimed at overflowing the memory allocation buffer inside your PHP application or, more seriously, in Apache or in the underlying operating system. Remember that you can use a high-level language such as PHP to encode your web applications, but at the end of the day you call C (in the case of Apache) to do the work. And C, like most low-level languages, has strict memory allocation rules.
What? I knew that PHP was well-checked for errors, so buffer overflows were not possible. Do I have to check the length of the user input to avoid too much data flow? Many thanks
Yes, this and the current change log has been fixed 15 bug fixes:
Bug # 61807 Buffer overflow in apache_request_headers, CVE-2012-2329 fixed.Fixed buffer overflow on overlog salt in crypt (). (Clément LECIGNE, StasFixed bug # 60965 (buffer overflow on htmlspecialchars / entity with $ double = false).Fixed stack buffer overflow in socket_connect (). (CVE-2011-1938) Found Mateusz Kochelsky, Marek Kroemeke and Philip Palyan. (Felipe)mysqlnd_list_fields, mysqlnd_change_user. ()mysqlnd. . (). . (Pierre) # 42862 ( IMAP: rfc822.c). ( CVE-2008-2829) ()FastCGI SAPI. ( )glibc fnmatch(), setlocale() glob(). . # 42222 ( php_openssl_make_REQ). (Pierre)make_http_soap_request(). (IIIa)user_filter_factory_create(). (IIIa)libxmlrpc. ()
, , , C/++ ( ).
, , PHP, , , , .
, . , , - , -, ( php ..). , , , .