
Re: When running exec('rsync') with PHP, getting Warning: Error while sending QUERY packet.




On 2017-05-17 07:39, Björn Tantau wrote:
> I encountered a rather strange PHP bug I could only reproduce in
> cygwin (32 Bit and 64 Bit).
> If you have a working MySQL-Connection and then run exec('rsync') the 
> next Query produces the Warning:
> PHP Warning:  Error while sending QUERY packet. PID=15036 in 
> /home/limora/test.php on line 5
> test.php:
> <?php
> $pdo = new PDO('mysql:host=127.0.0.1;dbname=mysql', 'root');
> var_dump($pdo->query('SELECT * FROM db'));
> exec('rsync');
> var_dump($pdo->query('SELECT * FROM db'));
> It should output:
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> but it does output:
> object(PDOStatement)#2 (1) {
>    ["queryString"]=>
>    string(16) "SELECT * FROM db"
> }
> PHP Warning:  Error while sending QUERY packet. PID=15036 in 
> /home/limora/test.php on line 5
> bool(false)
> So far I could reproduce this with the MariaDB from cygwin as well as
> xampp, so I guess it's not a MySQL problem. I was only able to 
> reproduce this with rsync so far and no other cli program.

Try running some other program which fails, like /bin/false, or with
options or args that cause failure, like "/bin/cat /var/empty/*".

> I'm completely stumped as to what could be causing this.

Async reporting by PHP of error 1 generated by running rsync with no
args.
It should be a PHP bug if it does not report any command error.

Try typing "rsync" at a command line and you get the same.
Don't run rsync with no args: don't run commands from web pages;
don't exec commands, without explicit protected executable paths,
whose arguments have been sanitized, or can sanitize its own,
from web pages.

Just look at e.g. the metasploit site for easy steps from PHP to
a remote controlled bot command and control server, with a nice
PHP web front end. "Be careful out there."

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
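
The advice above about explicit executable paths, sanitized arguments and command errors, shown as an added example that is not part of the original message. The rsync path, the directory allowlist, the backup destination and the function name `run_rsync` are assumptions chosen for illustration.

```php
<?php
// Added example. RSYNC_BIN, ALLOWED_SOURCES, BACKUP_DEST and run_rsync()
// are hypothetical names and constructed values, not from the thread.
const RSYNC_BIN = '/usr/bin/rsync';        // assumed install path
const ALLOWED_SOURCES = [                  // constructed allowlist
    'uploads' => '/srv/app/uploads/',
    'reports' => '/srv/app/reports/',
];
const BACKUP_DEST = '/srv/backup/';        // constructed destination

function run_rsync(string $sourceKey): array
{
    // Map a caller-supplied key to a fixed path; raw input never becomes a path.
    if (!array_key_exists($sourceKey, ALLOWED_SOURCES)) {
        throw new InvalidArgumentException('unknown source key');
    }
    // Use an explicit executable path rather than a PATH lookup.
    if (!is_executable(RSYNC_BIN)) {
        throw new RuntimeException('rsync not executable at ' . RSYNC_BIN);
    }

    // "--" ends option parsing, so a path can never be read as an option;
    // every argument goes through escapeshellarg() before reaching the shell.
    $cmd = implode(' ', [
        escapeshellarg(RSYNC_BIN),
        '-a',
        '--',
        escapeshellarg(ALLOWED_SOURCES[$sourceKey]),
        escapeshellarg(BACKUP_DEST),
    ]);

    // Capture output and exit status instead of discarding them.
    // rsync run with no arguments prints usage and exits with status 1.
    exec($cmd . ' 2>&1', $output, $status);
    if ($status !== 0) {
        error_log("rsync exited with status $status");
    }
    return ['status' => $status, 'output' => $output];
}

// Usage from the CLI: php sync.php uploads
try {
    $result = run_rsync($argv[1] ?? 'uploads');
    exit($result['status'] === 0 ? 0 : 1);
} catch (Throwable $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(2);
}
```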
