[PHP-DEV] Bug #9403: a bug in functions/sybase.c kills libphp3.so and httpd child. From: coyote <email protected>
Date: 02/22/01

From: coyote <email protected>
Operating system: Linux RedHat 6.2 (x86)
PHP version: 3.0.17
PHP Bug Type: Sybase (dblib) related
Bug description: a bug in functions/sybase.c kills libphp3.so and httpd child.

Hello,

        On apache-1.3.17+mod_ssl (taken from modssl.org as src.rpm) with
RedHat 6.2 with observed that a lot of our PHP3 scripts would cause an httpd
child to die with a seg fault. This was with both 3.0.17 and 3.0.18. Some of our
scripts would report a warning but most of them would just die in "sybase_connect"
with just 3 arguments. Usually, adding "iso_1" as a 4th argument would solve the
problem. All of these scripts were working fine on php-3.0.9. A dig in the source
showed up uninitalized use of "charset" in sybase.c. We patched sybase.c this way:

--- php-3.0.18.orig/functions/sybase.c Mon Aug 7 02:09:54 2000
+++ php-3.0.18/functions/sybase.c Thu Feb 22 14:12:34 2001
@@ -270,7 +270,7 @@
                
        switch(ARG_COUNT(ht)) {
                case 0: /* defaults */
- host=user=passwd=NULL;
+ host=user=passwd=charset=NULL;
                        hashed_details_length=6+3;
                        hashed_details = (char *) emalloc(hashed_details_length+
1);
                        strcpy(hashed_details,"sybase___");
@@ -283,7 +283,7 @@
                                }
                                convert_to_string(yyhost);
                                host = yyhost->value.str.val;
- user=passwd=NULL;
+ user=passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+6+
3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s__",yyhost->val
ue.str.val);
@@ -299,7 +299,7 @@
                                convert_to_string(yyuser);
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
- passwd=NULL;
+ passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_",yyhost->v
alue.str.val,yyuser->value.str.val);
@@ -317,6 +317,7 @@
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
                                passwd = yypasswd->value.str.val;
+ charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+yypasswd->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_%s",yyhost-
>value.str.val,yyuser->value.str.val,yypasswd->value.str.val); /* SAFE */

If you need more information, can you please contact me? Thanks.

Vincent Cojot, coyote <email protected> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>