RE: [PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-07-23 Thread Brendan McAdams

So does anyone have ideas on how to fix this?  I'm hoping to come up
with a plan of action...

-
Brendan W. McAdams   |   [EMAIL PROTECTED]
Senior Applications Developer | (212) 208-9116
TheMuniCenter, LLC | www.themunicenter.com

"Always listen to experts. They'll tell you what can't be done, and why.
Then do it."
- Robert A. Heinlein

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 11:38
To: [EMAIL PROTECTED]
Subject: [PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when
given invalid session ID


ID: 10447
Updated by: bmcadams
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: CCVS related
Operating System: Linux Mandrake 7.0
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: [EMAIL PROTECTED]
New Comment:

This issue is still outstanding.
FTR, the people at RedHat who wrote this code (Originally HKS Systems)
were all laid off, and the project was assigned to the newly acquired
'Stronghold' division; none of whom have a clue about the CCVS Code.

They are more or less telling me it's our responsibility to prevent the
user from passing a bad session.  Anyone got any bright ideas on easy
ways to track if a session being passed in was one created during this
session of PHP? ...


Previous Comments:


[2001-04-22 20:38:14] [EMAIL PROTECTED]

The fix that sterling put in place will at the least check if the
session being passed is a string value: this still doesn't protect from
someone arbitrarily passing any old string (for example "crash_ccvs"). 

While obviously it is up to the programmer to be smart and not pass a
bad session to CCVS, CCVS should not be segfaulting if they pass a bad
value.

I am looking into a way to trap this value from being bad.



[2001-04-22 20:29:54] [EMAIL PROTECTED]

No, he didn't. :) The problem itself is that session IDs
are completely exposed (i.e. not resource- or list-based)
and there is no error-checking in the module. The check
that was added didn't help; the same code still segfaults
and all of the other affected functions are still affected.




[2001-04-22 20:21:19] [EMAIL PROTECTED]

Sterling fixed this in CVS.

- James



[2001-04-22 20:17:11] [EMAIL PROTECTED]

I have duplicated this issue on my end and I am looking into it.

Fix imminent.



[2001-04-22 19:37:22] [EMAIL PROTECTED]

The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on
line 17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c,
this_ptr=0x0, return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at
zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at
main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 






Edit this bug report at http://bugs.php.net/?id=10447&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
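
The approach the thread asks about, tracking which sessions this process created and rejecting everything else, sketched in C as an added example; it is not part of the original messages and is not CCVS or PHP source. `demo_session`, the slot table and all function names are hypothetical stand-ins, and the script-visible session ID is assumed to be a decimal handle string instead of a value the library trusts directly.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SESSIONS 16

/* Stand-in for the library's session object; layout is hypothetical. */
typedef struct { char name[32]; } demo_session;

/* One slot per live session; gen is bumped on close to reject stale handles. */
static struct { demo_session *ptr; unsigned gen; } table[MAX_SESSIONS];

/* Handle = (generation << 8) | (slot index + 1), so 0 is never valid. */
unsigned session_open(const char *name) {
    for (unsigned i = 0; i < MAX_SESSIONS; i++) {
        if (table[i].ptr != NULL) continue;
        demo_session *s = calloc(1, sizeof *s);
        if (s == NULL) return 0;
        strncpy(s->name, name ? name : "", sizeof s->name - 1);
        table[i].ptr = s;
        return (table[i].gen << 8) | (i + 1);
    }
    return 0; /* table full */
}

/* Map a handle back to a session, or NULL if it was never issued here. */
demo_session *session_resolve(unsigned handle) {
    unsigned idx = handle & 0xff;
    if (idx == 0 || idx > MAX_SESSIONS) return NULL;
    if (table[idx - 1].ptr == NULL || table[idx - 1].gen != (handle >> 8)) return NULL;
    return table[idx - 1].ptr;
}

int session_close(unsigned handle) {
    unsigned i = (handle & 0xff) - 1; /* only used after validation below */
    if (session_resolve(handle) == NULL) return -1;
    free(table[i].ptr);
    table[i].ptr = NULL;
    table[i].gen = (table[i].gen + 1) & 0xffffff;
    return 0;
}

/* Turn the script-supplied argument into a handle; anything non-numeric is 0. */
unsigned handle_from_script(const char *arg) {
    char *end;
    unsigned long v;
    if (arg == NULL || *arg < '0' || *arg > '9') return 0;
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0xffffffffUL) return 0;
    return (unsigned)v;
}

/* Sits where the crashing lookup did: validate before touching the session. */
long guarded_lookup(const char *arg) {
    demo_session *s = session_resolve(handle_from_script(arg));
    if (s == NULL) return -1; /* error to the caller, no dereference */
    return (long)strlen(s->name);
}
```

An empty string (what the undefined `$sssion` evaluated to in the backtrace) and an arbitrary string such as "crash_ccvs" both resolve to no session and return an error instead of reaching `strlen()`.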






[PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-07-23 Thread bmcadams

ID: 10447
Updated by: bmcadams
Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: CCVS related
Operating System: Linux Mandrake 7.0
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: [EMAIL PROTECTED]
New Comment:

This issue is still outstanding.
FTR, the people at RedHat who wrote this code (Originally HKS Systems) were all laid 
off, and the project was assigned to the newly acquired 'Stronghold' division; none of 
whom have a clue about the CCVS Code.

They are more or less telling me it's our responsibility to prevent the user from 
passing a bad session.  Anyone got any bright ideas on easy ways to track if a session 
being passed in was one created during this session of PHP? ...


Previous Comments:


[2001-04-22 20:38:14] [EMAIL PROTECTED]

The fix that sterling put in place will at the least check if the session being passed 
is a string value: this still doesn't protect from someone arbitrarily passing any old 
string (for example "crash_ccvs"). 

While obviously it is up to the programmer to be smart and not pass a bad session to 
CCVS, CCVS should not be segfaulting if they pass a bad value.

I am looking into a way to trap this value from being bad.



[2001-04-22 20:29:54] [EMAIL PROTECTED]

No, he didn't. :) The problem itself is that session IDs
are completely exposed (i.e. not resource- or list-based)
and there is no error-checking in the module. The check
that was added didn't help; the same code still segfaults
and all of the other affected functions are still affected.




[2001-04-22 20:21:19] [EMAIL PROTECTED]

Sterling fixed this in CVS.

- James



[2001-04-22 20:17:11] [EMAIL PROTECTED]

I have duplicated this issue on my end and I am looking into it.

Fix imminent.



[2001-04-22 19:37:22] [EMAIL PROTECTED]

The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on line 
17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 










[PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-04-22 Thread bmcadams

ID: 10447
Updated by: bmcadams
Reported By: [EMAIL PROTECTED]
Old-Status: Analyzed
Status: Assigned
Bug Type: CCVS related
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: [EMAIL PROTECTED]
Comments:

The fix that sterling put in place will at the least check if the session being passed 
is a string value: this still doesn't protect from someone arbitrarily passing any old 
string (for example "crash_ccvs"). 

While obviously it is up to the programmer to be smart and not pass a bad session to 
CCVS, CCVS should not be segfaulting if they pass a bad value.

I am looking into a way to trap this value from being bad.

Previous Comments:
---

[2001-04-22 20:29:54] [EMAIL PROTECTED]
No, he didn't. :) The problem itself is that session IDs
are completely exposed (i.e. not resource- or list-based)
and there is no error-checking in the module. The check
that was added didn't help; the same code still segfaults
and all of the other affected functions are still affected.


---

[2001-04-22 20:21:19] [EMAIL PROTECTED]
Sterling fixed this in CVS.

- James

---

[2001-04-22 20:17:11] [EMAIL PROTECTED]
I have duplicated this issue on my end and I am looking into it.

Fix imminent.

---

[2001-04-22 19:37:22] [EMAIL PROTECTED]
The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on line 
17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 


---



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10447&edit=2






[PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-04-22 Thread torben

ID: 10447
Updated by: torben
Reported By: [EMAIL PROTECTED]
Old-Status: Closed
Status: Analyzed
Bug Type: CCVS related
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: 
Comments:

No, he didn't. :) The problem itself is that session IDs
are completely exposed (i.e. not resource- or list-based)
and there is no error-checking in the module. The check
that was added didn't help; the same code still segfaults
and all of the other affected functions are still affected.


Previous Comments:
---

[2001-04-22 20:21:19] [EMAIL PROTECTED]
Sterling fixed this in CVS.

- James

---

[2001-04-22 20:17:11] [EMAIL PROTECTED]
I have duplicated this issue on my end and I am looking into it.

Fix imminent.

---

[2001-04-22 19:37:22] [EMAIL PROTECTED]
The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on line 
17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 


---







[PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-04-22 Thread jmoore

ID: 10447
Updated by: jmoore
Reported By: [EMAIL PROTECTED]
Old-Status: Analyzed
Status: Closed
Bug Type: CCVS related
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: 
Comments:

Sterling fixed this in CVS.

- James

Previous Comments:
---

[2001-04-22 20:17:11] [EMAIL PROTECTED]
I have duplicated this issue on my end and I am looking into it.

Fix imminent.

---

[2001-04-22 19:37:22] [EMAIL PROTECTED]
The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on line 
17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 


---







[PHP-DEV] Bug #10447 Updated: ccvs_*() functions segfault when given invalid session ID

2001-04-22 Thread bmcadams

ID: 10447
Updated by: bmcadams
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Analyzed
Bug Type: CCVS related
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: [EMAIL PROTECTED]
Comments:

I have duplicated this issue on my end and I am looking into it.

Fix imminent.

Previous Comments:
---

[2001-04-22 19:37:22] [EMAIL PROTECTED]
The ccvs functions segfault when given an invalid session ID.

This works fine:


This segfaults:


Backtrace:
/home/www/php
shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17

Warning:  Undefined variable:  sssion in ./ccvstest on line 
17
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x4024b791 in strlen () from /lib/libc.so.6
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xb924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xb9b4) at cgi_main.c:735
(gdb) 


---


