Vulnerability in php-fpm allowing remote code execution on a server

Corrective releases PHP 7.3.11, 7.1.33 and 7.2.24 are available, eliminating a vulnerability (CVE-2019-11043) in the PHP-FPM (FastCGI Process Manager) extension that allows remote code execution on the system. A working exploit for attacking servers that use PHP-FPM together with Nginx to run PHP scripts is already publicly available.

The attack is possible in nginx configurations where forwarding to PHP-FPM is done by splitting parts of the URL with fastcgi_split_path_info and defining the PATH_INFO environment variable, but without first checking that the file exists with the directive try_files $fastcgi_script_name or if (!-f $document_root$fastcgi_script_name). The problem also shows up in the configurations supplied for the NextCloud platform. For example, a configuration with constructs such as:

location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}

You can follow the fix in distribution packages on these pages: Debian, RHEL, Ubuntu, SUSE/openSUSE, FreeBSD, Arch, Fedora. As a workaround, you can add a check for the existence of the requested PHP file after the fastcgi_split_path_info line:

try_files $fastcgi_script_name =404;
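As an added example (not part of the original article), a small Python audit that flags nginx location blocks matching the risky pattern above: fastcgi_split_path_info plus PATH_INFO taken from $fastcgi_path_info, with neither the try_files nor the if (!-f ...) existence check present. The three configuration fragments inside it are constructed for the demo.

```python
import re

# Constructed nginx fragments (not from the original article); the first is the risky pattern.
VULNERABLE_CONF = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""
# Same block with the try_files workaround the article recommends.
FIXED_TRY_FILES = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    try_files $fastcgi_script_name =404;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""
# Same block guarded with the if (!-f ...) form, which carries its own braces.
FIXED_IF_F = r"""
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) { return 404; }
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass php:9000;
}
"""

SPLITS_PATH = re.compile(r"^fastcgi_split_path_info\b", re.M)
SETS_PATH_INFO = re.compile(r"^fastcgi_param\s+PATH_INFO\s+\$fastcgi_path_info\b", re.M)
CHECKS_FILE = re.compile(r"^try_files\s+\$fastcgi_script_name\b|^if\s*\(\s*!-f\s+\$document_root\$fastcgi_script_name\s*\)", re.M)

def audit_nginx_conf(text):
    """Return each location block that splits PATH_INFO but never checks the script exists.
    Braces are counted per line, so a brace inside a location regex would confuse it."""
    findings, depth, block = [], 0, None  # block = (depth it opened at, its lines)
    for raw in text.splitlines():
        line = raw.strip()
        if block is None and line.startswith("location"):
            block = (depth, [])
        if block is not None:
            block[1].append(line)
        depth += line.count("{") - line.count("}")
        if block is not None and depth == block[0]:  # this line closed the location
            body = "\n".join(block[1])
            if SPLITS_PATH.search(body) and SETS_PATH_INFO.search(body) and not CHECKS_FILE.search(body):
                findings.append(body)
            block = None
    return findings
```

Run it over the text of a real nginx.conf (or the files it includes) and review every block it returns; a block that relies on a different existence check than the two forms above will still be reported and needs a manual look.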

The problem stems from an error in pointer handling in the file sapi/fpm/fpm/fpm_main.c. When a pointer is assigned, it is assumed that the value of the PATH_INFO environment variable contains a prefix matching the path to the PHP script. If the fastcgi_split_path_info directive splits the script path using a regular expression that is sensitive to newlines (for example, many examples suggest using "^(.+?\.php)(/.*)$"), an attacker can ensure that an empty value is written to the PATH_INFO environment variable. In that case, execution proceeds to write a zero to path_info[0] and to call FCGI_PUTENV.

By requesting a specially crafted URL, the attacker can shift the path_info pointer to the first byte of the "_fcgi_data_seg" structure, and writing a zero to this byte moves the "char* pos" pointer to an earlier region of memory. The FCGI_PUTENV call that follows then overwrites the data in that memory with a value the attacker controls. The same memory also holds the values of other FastCGI variables, and by overwriting them the attacker can create a fake PHP_VALUE variable and achieve code execution.

Source: opennet.ru
