ID: 11806
User Update by: [EMAIL PROTECTED]
Old-Status: Feedback
Status: Open
Bug Type: Reproducible crash
Operating system: Linux 2.2.16
PHP Version: 4.0.6
Description: Using $string = md5($string); crashed HTTP child processes
Derick,
Thanks I did not think to check there this time. I see the following, even with the
the $cipher = md5() and CleanString functions disabled:
[Sun Jul 1 09:11:55 2001] Script: '/home/nerdwww/compose.php'
---------------------------------------
mcrypt.c(1322) : Block 0x08429258 status:
Beginning: OK (allocated on mcrypt.c:1252, 24 bytes)
End: Overflown (magic=0x35653364 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------
Here are the calls I make using mcrypt outside of the compose.php script you have
already seen:
http://www.nerdnet.com/functions.phps
Thanks again!
Joe
Previous Comments:
---------------------------------------------------------------------------
[2001-07-01 06:45:31] [EMAIL PROTECTED]
Hello,
with debug enabled, do you see any errors in either your httpd errorlog or in
/var/log/zenderrors ?
Derick
---------------------------------------------------------------------------
[2001-06-30 21:52:11] [EMAIL PROTECTED]
Update:
I have compiled php-4.0.6 with --enable-debug to try and get a backtrace, but when I
do, the bug vanishes and the same code no longer crashed my httpd child process..
Here is some detailed info:
PHP 4.0.6 config line:
./configure --with-mysql --with-gd --enable-track-vars --with-jpeg-dir=/usr/local/lib
--enable-bcmath --with-apache=../apache_1.3.20 --enable-ftp --enable-sockets
--with-mcrypt --enable-debug
and for Apache 1.3.20
EAPI_MM="../mm-1.1.3"
SSL_BASE="../openssl-0.9.6a"
./configure
"--enable-module=ssl"
"--with-layout=RedHat"
"--activate-module=src/modules/php4/libphp4.a"
"--enable-module=rewrite"
The script that is causing this error is:
http://www.nerdnet.com/compose.phps
As you can see, a use submits a form, which is the source of $cipher, an alphanumeric
string, which is then encrypted and other actions take place after.
I am not using the Zend Optimizer or anything unusual here at all... If I run the
httpd thru gdb and reproduce the crash it gives me an error in
shutdown_memory_manager() when it crashes, but not much else since the bug disappears
when I compile in debug into PHP... If any more info is needed let me know... Thanks
PHP team, you guys rule!!!
Joe
---------------------------------------------------------------------------
[2001-06-30 05:10:11] [EMAIL PROTECTED]
Can you please post your script as .txt file on the web, so that I can check how the
$cipher is generated?
And is it possibly for you to make a backtrace of this crash
(http://www.php.net/bugs-generating-backtrace.php) as I couldn't reproduce it.
Derick
---------------------------------------------------------------------------
[2001-06-29 14:04:25] [EMAIL PROTECTED]
PHP Options:
'./configure' '--with-mysql' '--with-gd' '--enable-track-vars'
'--with-jpeg-dir=/usr/local/lib' '--enable-bcmath' '--with-apache=../apache_1.3.20'
'--enable-ftp' '--enable-sockets' '--with-mcrypt'
The problem I am having is:
When using the code:
$cipher = md5($cipher); httpd crashes the current child process with:
[Fri Jun 29 10:54:49 2001] [notice] child pid 9766 exit signal Segmentation fault (11)
[Fri Jun 29 10:54:50 2001] [notice] child pid 9920 exit signal Segmentation fault (11)
The page then fails to load, returning nothing to the browser.
Also, I have another function called CleanSring($string); which looks like:
function CleanString($string)
{
$string = strip_tags($string);
$string =
preg_replace("/</?(html|head|meta|title|body|font|img|.jpg|.gif|.vbs|script|tr|table|text).*>/","",$string);
$string =
preg_replace("/</?(HTML|HEAD|META|TITLE|BODY|FONT|IMG|.JPG|.GIF|.VBS|SCRIPT|TR|TABLE|TEXT).*>/","",$string);
$string = preg_replace("/<[^>]*>/","",$string);
return $string;
}
Calling this function like:
$string = CleanString($string); causes the same problem.
Whats weird is I call md5() again below the problem code:
$now = date("r");
$thisID = md5(substr(makeID(), 0, 16));
$onetimepass = substr(md5($thisID), 0, 8);
And neither of these causes the same problem, even when being used in the same
document.
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=11806
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
