Vulnerability in php-fpm allowing remote code execution on the server

Corrective releases PHP 7.3.11, 7.1.33 and 7.2.24 have been published, fixing a critical vulnerability (CVE-2019-11043) in the PHP-FPM (FastCGI Process Manager) extension that allows arbitrary code to be executed on the system. A working exploit for attacking servers that use PHP-FPM together with Nginx to run PHP scripts is already publicly available.

The attack is possible in nginx configurations where requests are forwarded to PHP-FPM by splitting the URL with "fastcgi_split_path_info" and defining the PATH_INFO parameter, but without first checking that the requested file exists via the "try_files $fastcgi_script_name" directive or "if (!-f $document_root$fastcgi_script_name)". The problem is also present in the configuration shipped for the NextCloud platform. For example, a configuration of the form:

location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}

The status of the fix in distributions can be tracked on these pages: Debian, RHEL, Ubuntu, SUSE/openSUSE, FreeBSD, Arch, Fedora. As a workaround, you can add a check for the existence of the requested PHP file after the "fastcgi_split_path_info" line:

try_files $fastcgi_script_name =404;

The problem is caused by a bug in pointer handling in the file sapi/fpm/fpm/fpm_main.c. When the pointer is assigned, it is assumed that the value of the PATH_INFO environment variable contains a prefix matching the path of the PHP script.
If the fastcgi_split_path_info directive splits the script path with a regular expression that is sensitive to the newline character (for example, many guides recommend "^(.+?\.php)(/.*)$"; a "." in that pattern does not match a newline, so a URL containing an encoded newline makes the match fail), the attacker can ensure that an empty value is written to the PATH_INFO environment variable. In that case subsequent execution writes a zero to path_info[0], which now points outside the buffer, and then calls FCGI_PUTENV.

By requesting a specially crafted URL, the attacker can make the path_info pointer point at the first byte of the "_fcgi_data_seg" structure; writing a zero to that byte shifts the "char* pos" pointer into a previously allocated memory region. The next call to FCGI_PUTENV then overwrites data in that memory with a value the attacker controls. The same memory also holds the values of other FastCGI variables, and by overwriting them the attacker can forge a PHP_VALUE variable and achieve execution of their own code.
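To make the pointer arithmetic concrete, here is an added example (not PHP's source and not the upstream patch) that models the lookup described above: PHP-FPM strips trailing path components off SCRIPT_FILENAME until it finds a real file, takes the stripped suffix length as slen, takes the length of the PATH_INFO nginx supplied as pilen, and computes path_info = env_path_info + pilen - slen. The function names path_info_offset and path_info_write_is_safe, the fake filesystem EXISTING_SCRIPT and the sample paths are constructed for the illustration. A negative offset is exactly the underflow: the following path_info[0] = 0 lands before the PATH_INFO buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for stat()/S_ISREG: the only regular file on this
 * fake filesystem is the one script below. */
static const char *EXISTING_SCRIPT = "/var/www/html/index.php";

static int is_regular_file(const char *path) {
    return strcmp(path, EXISTING_SCRIPT) == 0;
}

/* Simplified model of the path-info computation (illustration, not the
 * PHP code). script_filename is what nginx passed as SCRIPT_FILENAME
 * ($document_root$fastcgi_script_name); env_path_info is PATH_INFO.
 * Returns pilen - slen, the offset of path_info relative to the start of
 * env_path_info. A negative value means the later write path_info[0] = 0
 * goes out of bounds. Returns INT_MIN when no script file is found. */
int path_info_offset(const char *script_filename, const char *env_path_info) {
    size_t len = strlen(script_filename);
    char *pt = malloc(len + 1);
    int result = INT_MIN;
    char *ptr;
    if (pt == NULL) return INT_MIN;
    memcpy(pt, script_filename, len + 1);
    /* Walk back one path component at a time until a real file is found. */
    while ((ptr = strrchr(pt, '/')) != NULL) {
        *ptr = 0;
        if (is_regular_file(pt)) {
            int slen = (int)(len - strlen(pt));   /* suffix stripped from SCRIPT_FILENAME */
            int pilen = (int)strlen(env_path_info); /* what nginx claimed PATH_INFO is  */
            result = pilen - slen;
            break;
        }
    }
    free(pt);
    return result;
}

/* Illustrative guard: the zero write is only in-bounds when path_info does
 * not move before env_path_info, i.e. when pilen >= slen. */
int path_info_write_is_safe(const char *script_filename, const char *env_path_info) {
    int off = path_info_offset(script_filename, env_path_info);
    return off != INT_MIN && off >= 0;
}

int main(void) {
    /* Normal request /index.php/foo: the split regex matches, PATH_INFO=/foo. */
    printf("offset = %d\n", path_info_offset("/var/www/html/index.php/foo", "/foo"));
    /* Request /index.php/foo%0abar: "^(.+?\\.php)(/.*)$" does not match across
     * the decoded newline, so PATH_INFO is empty while SCRIPT_FILENAME still
     * carries the suffix "/foo\nbar" (8 bytes). */
    printf("offset = %d\n", path_info_offset("/var/www/html/index.php/foo\nbar", ""));
    return 0;
}
```

With PATH_INFO empty and an 8-byte suffix, path_info is computed 8 bytes before the start of the PATH_INFO value; this is the first step of the attack. The remaining steps (steering that pointer onto _fcgi_data_seg and forging PHP_VALUE) depend on the layout of PHP-FPM's FastCGI buffers and are not modelled here.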

source: opennet.ru
