ZF-2880 - Issues - Zend Framework

ZF-2880: Security issue in Zend_Cache_Core

Issue Type:

Bug

Created:

2008-03-14T03:19:14.000+0000

Last Updated:

2008-03-21T17:11:57.000+0000

Status:

Resolved

Fix version(s):

1.5.1 (25/Mar/08)

Reporter:

Lars Strojny (lars)

Assignee:

Fabien MARTY (fab)

Tags:

Zend_Cache

Related issues:

Attachments:

007-Zend_Cache_Core-newline-injection.diff

Description

The method validateIdOrTag() should only allow [a-zA-Z0-9]. However, the preg_match() call misses the D-modifier and therefore also trailing newlines are allowed. This might not be the biggest problem on earth as I couldn't find any real attack scenario but this should be fixed anyway.

Comments

Posted by Lars Strojny (lars) on 2008-03-14T03:19:58.000+0000

Fixes the newline injection by adding the D-modifier.

Posted by Fabien MARTY (fab) on 2008-03-14T14:26:03.000+0000

fixed in SVN trunk and in 1.5 branch

probably no real attack scenario possible

but...

Posted by Wil Sinclair (wil) on 2008-03-21T17:11:57.000+0000

I'm assuming this fix is merged to the 1.5 release branch for release with 1.5.1. Please update JIRA if this is not the case.