Public bug reported:

Binary package hint: php5
After spending some time researching this, I realize the root cause may not be in php itself (but might), but not knowing the root cause, I am reporting it here.

Environment: Ubuntu 8.04, PHP 5.2.4-2ubuntu5.9 with Suhosin-Patch 0.9.6.2, suhosin, xcache, xdebug, mysql, gd, curl, ffmpeg, cli. The server runs several vhosted sites. The problem occurs consistently on one line of one site only. The site in question runs Drupal, and the error is triggered by the Drupal webforms module (at the same line every time) upon a form submission.

Symptoms: After several days (3 to 14 days), the following error is reported:

Jan 4 22:07:14 Garth suhosin[25113]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '67.141.28.120', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
Jan 4 22:07:15 Garth suhosin[25116]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '67.141.28.120', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
Jan 4 22:11:47 Garth suhosin[25119]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '68.42.206.239', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
Jan 4 22:11:47 Garth suhosin[25141]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '68.42.206.239', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
Jan 4 22:21:57 Garth suhosin[25154]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '67.141.28.49', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
Jan 4 22:21:58 Garth suhosin[25139]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '67.141.28.49', file '/raid/clients/midway.edu/htdocs/modules/webform/webform.module', line 2201)
etc, etc.

Always at the exact same line number. At this point, anybody submitting any form on the site in question will trigger the error.
Forms are an important aspect of the site, and this is breaking that functionality as none of the forms work as expected. Restarting Apache temporarily solves/works around the problem.

Line 2201, that triggers the error:

    return $strict ? filter_xss($string) : $string;

The filter_xss() Drupal function that is referenced:

    function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
      // Only operate on valid UTF-8 strings. This is necessary to prevent cross
      // site scripting issues on Internet Explorer 6.
      if (!drupal_validate_utf8($string)) {
        return '';
      }
      // Store the input format
      _filter_xss_split($allowed_tags, TRUE);
      // Remove NUL characters (ignored by some browsers)
      $string = str_replace(chr(0), '', $string);
      // Remove Netscape 4 JS entities
      $string = preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string);

      // Defuse all HTML entities
      $string = str_replace('&', '&amp;', $string);
      // Change back only well-formed entities in our whitelist
      // Named entities
      $string = preg_replace('/&amp;([A-Za-z][A-Za-z0-9]*;)/', '&\1', $string);
      // Decimal numeric entities
      $string = preg_replace('/&amp;#([0-9]+;)/', '&#\1', $string);
      // Hexadecimal numeric entities
      $string = preg_replace('/&amp;#[Xx]0*((?:[0-9A-Fa-f]{2})+;)/', '&#x\1', $string);

      return preg_replace_callback('%
        (
        <(?=[^a-zA-Z!/])  # a lone <
        |                 # or
        <[^>]*(>|$)       # a string that starts with a <, up until the > or the end of the string
        |                 # or
        >                 # just a >
        )%x', '_filter_xss_split', $string);
    }

This same site was moved from another Ubuntu 8.04 server with a very similar environment, and in almost 1 year, this error never occurred there.
# apt-cache policy php5
php5:
  Installed: 5.2.4-2ubuntu5.9
  Candidate: 5.2.4-2ubuntu5.9
  Version table:
 *** 5.2.4-2ubuntu5.9 0
        500 http://us.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     5.2.4-2ubuntu5 0
        500 http://us.archive.ubuntu.com hardy/main Packages

# php -v
PHP 5.2.4-2ubuntu5.9 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 26 2009 14:00:44)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with Xdebug v2.0.2, Copyright (c) 2002-2007, by Derick Rethans
    with Suhosin v0.9.22, Copyright (c) 2007, by SektionEins GmbH

# lsb_release -rd
Description:    Ubuntu 8.04.3 LTS
Release:        8.04

** Affects: php5 (Ubuntu)
     Importance: Undecided
         Status: New

--
canary mismatch on efree()
https://bugs.launchpad.net/bugs/503396
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu.

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
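Added illustration, not part of the bug report above and not Suhosin's code: a minimal C allocator wrapper that does what a "canary mismatch on efree()" check does. Each block gets a guard word in a header before the user bytes and a second guard word right after them; nothing inspects the guards while the program writes, so an out-of-bounds write only surfaces when the block is freed. The canary constant, the hdr_t layout, the demo_* scenarios and the alert text are constructed for this example; Suhosin's real implementation differs in layout and uses values an attacker cannot predict.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constant canary for the demo only (assumption for this example); a real
 * guard uses values an attacker cannot predict. */
#define CANARY ((size_t)0x4d535548u)

/* Header placed immediately before the bytes handed to the caller. The
 * canary is the last field so it sits right against the user region. */
typedef struct {
    size_t size;
    size_t canary;
} hdr_t;

enum { FREE_OK = 0, FREE_HEAP_OVERFLOW = 1, FREE_HEAP_UNDERFLOW = 2 };

/* Allocate n usable bytes guarded by a canary on each side. */
void *canary_alloc(size_t n)
{
    hdr_t *h = malloc(sizeof *h + n + sizeof(size_t));
    if (h == NULL)
        return NULL;
    h->size = n;
    h->canary = CANARY;
    size_t tail = CANARY;
    memcpy((char *)(h + 1) + n, &tail, sizeof tail);   /* trailing canary */
    return h + 1;
}

/* Verify both canaries at free time. Nothing checks them while the program
 * is writing, so an out-of-bounds write is only noticed here, and the code
 * that happens to release the block is what gets reported. Returns a status
 * instead of aborting so the behaviour can be asserted on. */
int canary_free(void *p)
{
    if (p == NULL)
        return FREE_OK;
    hdr_t *h = (hdr_t *)p - 1;

    if (h->canary != CANARY) {
        /* Header clobbered: size is untrustworthy, leave the block alone. */
        fprintf(stderr, "ALERT - canary mismatch on free() - heap underflow detected\n");
        return FREE_HEAP_UNDERFLOW;
    }
    size_t tail;
    memcpy(&tail, (char *)p + h->size, sizeof tail);
    if (tail != CANARY) {
        fprintf(stderr, "ALERT - canary mismatch on free() - heap overflow detected\n");
        return FREE_HEAP_OVERFLOW;
    }
    free(h);
    return FREE_OK;
}

/* Constructed scenarios for the demo. */

/* A copy that stays inside the requested size passes. */
int demo_in_bounds(void)
{
    const char src[] = "hello";               /* 6 bytes including NUL */
    char *buf = canary_alloc(sizeof src);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, sizeof src);
    return canary_free(buf);
}

/* An off-by-one past the end lands on the trailing canary. The write itself
 * succeeds silently; the mismatch surfaces only when the block is freed. */
int demo_overflow(void)
{
    char *buf = canary_alloc(8);
    if (buf == NULL)
        return -1;
    memset(buf, 'A', 9);                      /* one byte too many */
    return canary_free(buf);
}

/* A write before the start of the region hits the header canary. */
int demo_underflow(void)
{
    char *buf = canary_alloc(8);
    if (buf == NULL)
        return -1;
    buf[-1] = 'A';                            /* last byte of the header canary */
    return canary_free(buf);
}

int main(void)
{
    printf("in bounds: %d\noverflow: %d\nunderflow: %d\n",
           demo_in_bounds(), demo_overflow(), demo_underflow());
    return 0;
}
```

The practical point for reading the alerts above: because the check runs on efree(), the file and line in the message identify where the corrupted block was released, not necessarily where the out-of-bounds write happened, and the "attacker" field is simply the client address of the request in which that free occurred.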