From: borchinfolab at gmail dot com
Operating system: FC9
PHP version: 5.3CVS-2008-11-27 (snap)
PHP Bug Type: Reproducible crash
Bug description: fread() fails for non-buffered streams in ssh2
Description:
------------
When doing fread() from a ssh2 stream in unbuffered mode the program core
dumps.
I believe the reason for this is ether a problem with fread() or a problem
in php_ssh2_channel_stream_read(). I guess the reason for the crash is that
libssh2_channel_read_ex() in libssh2 returns -37 when the buffer is empty -
this is handed over to fread() where I guess it expects a positive
integer.
I made a small test in php_ssh2_channel_stream_read() to see if this is
the case:
static size_t php_ssh2_channel_stream_read(php_stream *stream, char *buf,
size_t count TSRMLS_DC)
{
php_ssh2_channel_data *abstract =
(php_ssh2_channel_data*)stream->abstract;
stream->eof = libssh2_channel_eof(abstract->channel);
libssh2_channel_set_blocking(abstract->channel,
abstract->is_blocking);
int res = libssh2_channel_read_ex(abstract->channel,
abstract->streamid, buf, count);
return(res < 0 ? 0 : res);
}
This fixed the problem for me. Perhaps the correct return value should be
EOF?
Also ssh2 does not compile for php-5.3 (this has been reported in an other
bug report) - managed to fix this by replacing statements with correct
macros.
I guess the fix will work for php-5.2.* as well, but there has been
corrections in stream_set_blocking() so it might not work after all.
This problem has been reported to php.net as well.
Reproduce code:
---------------
#!/usr/bin/php
<?php
$connection = ssh2_connect(HOSTNAME, 22, array('hostkey'=>'ssh-rsa'));
if(ssh2_auth_pubkey_file($connection, USERNAME, ID_RSA_PUB, ID_RSA, ''))
{
$stream = ssh2_exec($connection, "ps -elf");
// stream_set_blocking($stream, false); THIS DOSN'T WORK
stream_set_blocking($stream, true); // THIS WORKS
while(!feof($stream)) {
$buf = fread($stream, 1024);
echo ">$buf\n";
}
}
?>
Expected result:
----------------
Output from ps -elf
Actual result:
--------------
Core dump
--
Edit bug report at http://bugs.php.net/?id=46697&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=46697&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=46697&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=46697&r=trysnapshot60
Fixed in CVS:
http://bugs.php.net/fix.php?id=46697&r=fixedcvs
Fixed in CVS and need be documented:
http://bugs.php.net/fix.php?id=46697&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=46697&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=46697&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=46697&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=46697&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=46697&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=46697&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=46697&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=46697&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=46697&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46697&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=46697&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=46697&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=46697&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=46697&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=46697&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=46697&r=mysqlcfg
