(capital) FALSE is evaluted to int(0) whether to bool(false)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| php5 (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: php5
The problem occurs on a Ubuntu 8.04 (server) machine with version 5.2.4-2ubuntu5.10 of php5.
The expression FALSE is evaluated to int(0) and not to bool(false).
Then the boolean expresion "FALSE === false" will result in false and not in true.
On a Ubuntu 8.04 (server) machine installed from scratch this problem can not be reproduced.
Therefore my suggestion is, that this bug is introduced after an upgrade from Dapper Drake to Hardy Heron, since this is the case on that machine, where the error occurs.
Of course this issue can lead to a security vulnerability, since you then can not rely on the value of FALSE in general.
Assume there is a function "is_logged_
A test "is_logged_in($usr) !== FALSE" won't have the expected behavior. Of course this is a stupid example, but think of functions that return FALSE and integer values >= 0: if such functions are involved into a security related procedure, this can end up in a disaster very quickly.
| Marc Deslauriers (mdeslaur) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
| Chuck Short (zulcss) wrote | #2 |
| Changed in php5 (Ubuntu): | |
| status: | New → Incomplete |
| importance: | Undecided → Low |
| Wutang (wutang) wrote | #3 |
| Chuck Short (zulcss) wrote | #4 |
| Changed in php5 (Ubuntu): | |
| status: | Incomplete → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.