HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: Phil Driscoll (phil <email protected>)
Date: 02/13/00

• Next message: Andi Gutmans: "[PHP-DEV] ODBC maintainers"
• Previous message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #2886 Updated: Access - unhandled exception, output hangs"
• Next in thread: Zeev Suraski: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Reply: Zeev Suraski: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Maybe reply: Phil Driscoll: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just installed the pre-beta 4 version on NT4 SP4 IIS4 MySQL setup.

The main bug that was preventing me from using beta 3 in a production
environment was bug #3041 where posting more than about 4K of data causes
the server to hang. The problem is still there, and I would have thought
that it would affect almost all users of php on NT - even if you are only
expecting small posts, there is nothing to stop a malicious user sending a
big one to bring your server down.

Anton Kalmykov (anton <email protected>) has investigated the cause of the problem
and has localised it to a call to erealloc. Apparently, the post reader
function reads the post data in 4k blocks. The first block gets read in ok,
but when 4k has been read and the data buffer is reallocated to increase its
size by another 4k, the pointer to the buffer has changed and the post
reader function hangs. Anton has compiled a 'work around' version which just
increases the block size to 100K so that posts smaller than that work ok,
but it is still easy, particularly with file uploads, to exceed that and
bring the server down.

I am happy to help with any testing if someone can work out where the
pointer is getting corrupted.

For information, installation went smoothly except that I forgot to download
the new php mysql dlls, having not read Andi's post on the subject closely
enough. On the grounds that many users are likely to do this once beta 4 is
released, I think that it would be a good idea for the php4ts dll to
complain about incompatible extension dlls rather than just carry on
quietly.

Cheers

--
Phil Driscoll
Dial Solutions
+44 (0)113 294 5112
http://www.dialsolutions.com
http://www.dtonline.org
-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Andi Gutmans: "[PHP-DEV] ODBC maintainers"
• Previous message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #2886 Updated: Access - unhandled exception, output hangs"
• Next in thread: Zeev Suraski: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Reply: Zeev Suraski: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Maybe reply: Phil Driscoll: "Re: [PHP-DEV] Win32 pre-Beta 4 NT version - important bug (at least I think so!)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]