Mail Archives: cygwin/2017/05/17/10:36:11

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2017/05/17/10:36:11

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:subject:references:to:from:reply-to:message-id

:date:mime-version:in-reply-to:content-type

:content-transfer-encoding; q=dns; s=default; b=uUI/ZDegBABVipke

qbkq9OB3meTzX2x0XhkTEpA6p6SBcr4xT/1/plCxKmfYCl9OW0johTX1LvbJbJoN

fuQZgl05eTxfrEfUegke5qE/F3o6WGhZtF8gr/M+klWKpMRS64eXfbJDLR7gC9uS

lNxrP0jC2SJQjEXUMe29eEtVBwk=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:subject:references:to:from:reply-to:message-id

:date:mime-version:in-reply-to:content-type

:content-transfer-encoding; s=default; bh=8Qr+BttcNykFa/feIxj1CB

kWF2M=; b=alu2XFZiKtF4PIz+oUnhwy90W/8Yl01sb1iFJ8pnED8jBWLIBU+ovP

s+BK7tu/mqH4rGzXendfWUCKJz34VtYR8vyMT6j6CztJEUF+qvgtsgX9+P1YOBKI

2uxwcm/OwEXiSXwH8hDIr6CIPFB/JpMmFHr2acWl2Zbjhz+K7kVNc=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=1.0 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=rsync, mysql, MySQL, QUERY

X-HELO: smtp-out-so.shaw.ca

X-Authority-Analysis: v=2.2 cv=UpATD64B c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=IkcTkHD0fZMA:10 a=wn2tWnfOKRrLvmu7J_sA:9 a=QEXdDO2ut3YA:10

Subject: Re: When running exec('rsync') with PHP, getting Warning: Error while sending QUERY packet.

References: <C34939E9-7140-4ED4-9533-DC907EB25FD6 AT s DOT bjoern-tantau DOT de> <7C541C91-D8B4-44A7-B1FF-AB7F706C9D30 AT s DOT bjoern-tantau DOT de>

To: cygwin AT cygwin DOT com

From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>

Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca

Message-ID: <4bfd8589-d231-fd1b-fae9-2c3763cffb22@SystematicSw.ab.ca>

Date: Wed, 17 May 2017 08:35:54 -0600

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

MIME-Version: 1.0

In-Reply-To: <7C541C91-D8B4-44A7-B1FF-AB7F706C9D30@s.bjoern-tantau.de>

X-CMAE-Envelope: MS4wfCq7j6UL0EcUktFQoua1kggLNcaTVedIhlntDECGVFRl5XAQefG96UL+GDQuO7BwBhbpJe8CoESOn2rw8CdhwKNvlaAJngJK/yWsOZvzfQFlMmN91CZK iIRRy5S5EIYrBQVjjRf3Cal1QZbBByOqT5wnjlnJnz9wBLfuPkYAeaJOdTt5g/ryM4ydj4jfFHBWNQ==

X-IsSubscribed: yes

On 2017-05-17 07:39, BjÃ¶rn Tantau wrote:
> I encountered a rather strange PHP bug I could only reproduce in
> cygwin (32 Bit and 64 Bit).
> If you have a working MySQL-Connection and then run exec('rsync') the 
> next Query produces the Warning:
> PHP Warning:  Error while sending QUERY packet. PID=15036 in 
> /home/limora/test.php on line 5
> test.php:
> <?php
> $pdo = new PDO('mysql:host=127.0.0.1;dbname=mysql', 'root');
> var_dump($pdo->query('SELECT * FROM db'));
> exec('rsync');
> var_dump($pdo->query('SELECT * FROM db'));
> It should output:
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> but it does output:
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> PHP Warning:  Error while sending QUERY packet. PID=15036 in 
> /home/limora/test.php on line 5
> bool(false)
> So far I could reproduce this with the MariaDB from cygwin as well as
> xampp, so I guess it's not a MySQL problem. I was only able to 
> reproduce this with rsync so far and  no other cli program.

Try running some other program which fails, like /bin/false, or with
options or args that cause failure, like "/bin/cat /var/empty/*".

> I'm completely stumped as to what could be causing this.

Async reporting by PHP of error 1 generated by running rsync with no
args.
It should be a PHP bug if it does not report any command error.

Try typing "rsync" at a command line and you get the same.
Don't run rsync with no args: don't run commands from web pages;
don't exec commands, without explicit protected executable paths,
whose arguments have been sanitized, or can sanitize its own,
from web pages.

Just look at e.g. the metasploit site for easy steps from PHP to
a remote controlled bot command and control server, with a nice
PHP web front end. "Be careful out there."

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:references:to:from:reply-to:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=uUI/ZDegBABVipke
	qbkq9OB3meTzX2x0XhkTEpA6p6SBcr4xT/1/plCxKmfYCl9OW0johTX1LvbJbJoN
	fuQZgl05eTxfrEfUegke5qE/F3o6WGhZtF8gr/M+klWKpMRS64eXfbJDLR7gC9uS
	lNxrP0jC2SJQjEXUMe29eEtVBwk=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:references:to:from:reply-to:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=8Qr+BttcNykFa/feIxj1CB
	kWF2M=; b=alu2XFZiKtF4PIz+oUnhwy90W/8Yl01sb1iFJ8pnED8jBWLIBU+ovP
	s+BK7tu/mqH4rGzXendfWUCKJz34VtYR8vyMT6j6CztJEUF+qvgtsgX9+P1YOBKI
	2uxwcm/OwEXiSXwH8hDIr6CIPFB/JpMmFHr2acWl2Zbjhz+K7kVNc=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=1.0 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=rsync, mysql, MySQL, QUERY
X-HELO:	smtp-out-so.shaw.ca
X-Authority-Analysis:	v=2.2 cv=UpATD64B c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=IkcTkHD0fZMA:10 a=wn2tWnfOKRrLvmu7J_sA:9 a=QEXdDO2ut3YA:10
Subject:	Re: When running exec('rsync') with PHP, getting Warning: Error while sending QUERY packet.
References:	<C34939E9-7140-4ED4-9533-DC907EB25FD6 AT s DOT bjoern-tantau DOT de> <7C541C91-D8B4-44A7-B1FF-AB7F706C9D30 AT s DOT bjoern-tantau DOT de>
To:	cygwin AT cygwin DOT com
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Reply-To:	Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Message-ID:	<4bfd8589-d231-fd1b-fae9-2c3763cffb22@SystematicSw.ab.ca>
Date:	Wed, 17 May 2017 08:35:54 -0600
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version:	1.0
In-Reply-To:	<7C541C91-D8B4-44A7-B1FF-AB7F706C9D30@s.bjoern-tantau.de>
X-CMAE-Envelope:	MS4wfCq7j6UL0EcUktFQoua1kggLNcaTVedIhlntDECGVFRl5XAQefG96UL+GDQuO7BwBhbpJe8CoESOn2rw8CdhwKNvlaAJngJK/yWsOZvzfQFlMmN91CZK iIRRy5S5EIYrBQVjjRf3Cal1QZbBByOqT5wnjlnJnz9wBLfuPkYAeaJOdTt5g/ryM4ydj4jfFHBWNQ==
X-IsSubscribed:	yes