Edit report at http://bugs.php.net/bug.php?id=51350&edit=1
ID: 51350
User updated by: slogster at gmail dot com
Reported by: slogster at gmail dot com
Summary: recursively including non existing file causes
segfault
Status: Bogus
Type: Bug
Package: Reproducible crash
Operating System: freebsd & linux
PHP Version: 5.2.13
New Comment:
I've tried it with Suhosin-Patch 0.9.7 and it segfaults too
Previous Comments:
------------------------------------------------------------------------
[2010-03-22 21:39:15] tyra3l at gmail dot com
should worth to reading it.
could you at least give me the year for that discussion?
I think, that in this case the script should terminate by memory
exhaustion (memory_limit) or time_limit exhaustion, not with segfault.
In a managed language I shouldn't be able to do stack overflow from
userspace.
At least not this easily.
------------------------------------------------------------------------
[2010-03-22 21:29:00] [email protected]
That's known and there is no bug per se here.
Not everything the suhosin patch does is the right thing to do to solve
a problem. As far as I remember there was a (long) discussion on
internals about this. You may find it interesting.
------------------------------------------------------------------------
[2010-03-22 21:25:05] tyra3l at gmail dot com
suhosin protects against infinite recursion since 2006.
if you can crash the php engine from userland, then you can reset the
seed
http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf
page 33: attacker can get fresh seed by crashing php.
so its not only an inconvinience, but can be a security problem also.
Tyrael
------------------------------------------------------------------------
[2010-03-22 17:45:16] [email protected]
Recusrion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.
------------------------------------------------------------------------
[2010-03-22 17:08:20] slogster at gmail dot com
Description:
------------
function a(){include("/nofile"); a();} a();
/nofine is non existing file
Test script:
---------------
function a(){include("/nofile"); a();} a();
/nofile is non existing file
Expected result:
----------------
should not segfault
Actual result:
--------------
segfault
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1
