[PHP-DEV] Bug #9403: a bug in functions/sybase.c kills libphp3.so and httpd child.

Thu, 22 Feb 2001 06:20:38 -0800 

From:             [EMAIL PROTECTED]
Operating system: Linux RedHat 6.2 (x86)
PHP version:      3.0.17
PHP Bug Type:     Sybase (dblib) related
Bug description:  a bug in functions/sybase.c kills libphp3.so and httpd child.

Hello,

        On apache-1.3.17+mod_ssl (taken from modssl.org as src.rpm) with
RedHat 6.2 with observed that a lot of our PHP3 scripts would cause an httpd
child to die with a seg fault. This was with both 3.0.17 and 3.0.18. Some of our
scripts would report a warning but most of them would just die in "sybase_connect"
with just 3 arguments. Usually, adding "iso_1" as a 4th argument would solve the
problem. All of these scripts were working fine on php-3.0.9. A dig in the source
showed up uninitalized use of "charset" in sybase.c. We patched sybase.c this way:

--- php-3.0.18.orig/functions/sybase.c  Mon Aug  7 02:09:54 2000
+++ php-3.0.18/functions/sybase.c       Thu Feb 22 14:12:34 2001
@@ -270,7 +270,7 @@
                
        switch(ARG_COUNT(ht)) {
                case 0: /* defaults */
-                       host=user=passwd=NULL;
+                       host=user=passwd=charset=NULL;
                        hashed_details_length=6+3;
                        hashed_details = (char *) emalloc(hashed_details_length+
1);
                        strcpy(hashed_details,"sybase___");
@@ -283,7 +283,7 @@
                                }
                                convert_to_string(yyhost);
                                host = yyhost->value.str.val;
-                               user=passwd=NULL;
+                               user=passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+6+
3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s__",yyhost->val
ue.str.val);
@@ -299,7 +299,7 @@
                                convert_to_string(yyuser);
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
-                               passwd=NULL;
+                               passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_",yyhost->v
alue.str.val,yyuser->value.str.val);
@@ -317,6 +317,7 @@
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
                                passwd = yypasswd->value.str.val;
+                               charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+yypasswd->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_%s",yyhost-
>value.str.val,yyuser->value.str.val,yypasswd->value.str.val); /* SAFE */

If you need more information, can you please contact me? Thanks.

Vincent Cojot, [EMAIL PROTECTED]


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to