PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Regression Testing With JMeter
In Case You Missed It...The Month of January 2007
Importing Excel, Access or XML Data into MySQL Using Navicat
Sending Email from your PHP Applications
Making PHP Applications Cache-Friendly

[PHP-DEV] Bug #11806 Updated: Using $string = md5($string); crashed HTTP child processes From: derick <email protected>
Date: 07/01/01

Next message: abernard <email protected>: "[PHP-DEV] Bug #11824: Apache compilation with PHP/Mysql"
Previous message: dams <email protected>: "[PHP-DEV] Bug #11488 Updated: french translation error for the "str_replace" function"
Next in thread: zeev <email protected>: "[PHP-DEV] Bug #11806 Updated: Using $string = md5($string); crashed HTTP child processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ID: 11806
Updated by: derick
Reported By: joe <email protected>
Old-Status: Open
Status: Assigned
Bug Type: Reproducible crash
Operating system:
PHP Version: 4.0.6
Assigned To: derick
Comments:

Previous Comments:
---------------------------------------------------------------------------

[2001-07-01 06:45:31] derick <email protected>

Hello,

with debug enabled, do you see any errors in either your httpd errorlog or in /var/log/zenderrors ?

Derick

---------------------------------------------------------------------------

[2001-06-30 21:52:11] joe <email protected>

Update:

I have compiled php-4.0.6 with --enable-debug to try and get a backtrace, but when I do, the bug vanishes and the same code no longer crashed my httpd child process..

Here is some detailed info:

PHP 4.0.6 config line:
./configure --with-mysql --with-gd --enable-track-vars --with-jpeg-dir=/usr/local/lib
--enable-bcmath --with-apache=../apache_1.3.20 --enable-ftp --enable-sockets --with-mcrypt --enable-debug

and for Apache 1.3.20

EAPI_MM="../mm-1.1.3"
SSL_BASE="../openssl-0.9.6a"
./configure
"--enable-module=ssl"
"--with-layout=RedHat"
"--activate-module=src/modules/php4/libphp4.a"
"--enable-module=rewrite"

The script that is causing this error is:
http://www.nerdnet.com/compose.phps

As you can see, a use submits a form, which is the source of $cipher, an alphanumeric string, which is then encrypted and other actions take place after.

I am not using the Zend Optimizer or anything unusual here at all... If I run the httpd thru gdb and reproduce the crash it gives me an error in shutdown_memory_manager() when it crashes, but not much else since the bug disappears when I compile in debug into PHP... If any more info is needed let me know... Thanks PHP team, you guys rule!!!

Joe

---------------------------------------------------------------------------

[2001-06-30 05:10:11] derick <email protected>

Can you please post your script as .txt file on the web, so that I can check how the $cipher is generated?
And is it possibly for you to make a backtrace of this crash (http://www.php.net/bugs-generating-backtrace.php) as I couldn't reproduce it.

Derick

---------------------------------------------------------------------------

[2001-06-29 14:04:25] joe <email protected>

PHP Options:
'./configure' '--with-mysql' '--with-gd' '--enable-track-vars' '--with-jpeg-dir=/usr/local/lib' '--enable-bcmath' '--with-apache=../apache_1.3.20' '--enable-ftp' '--enable-sockets' '--with-mcrypt'

The problem I am having is:

When using the code:

$cipher = md5($cipher); httpd crashes the current child process with:

[Fri Jun 29 10:54:49 2001] [notice] child pid 9766 exit signal Segmentation fault (11)
[Fri Jun 29 10:54:50 2001] [notice] child pid 9920 exit signal Segmentation fault (11)

The page then fails to load, returning nothing to the browser.

Also, I have another function called CleanSring($string); which looks like:

function CleanString($string)
{
        $string = strip_tags($string);
        $string = preg_replace("/</?(html|head|meta|title|body|font|img|.jpg|.gif|.vbs|script|tr|table|text).*>/","",$string);
        $string = preg_replace("/</?(HTML|HEAD|META|TITLE|BODY|FONT|IMG|.JPG|.GIF|.VBS|SCRIPT|TR|TABLE|TEXT).*>/","",$string);
        $string = preg_replace("/<[^>]*>/","",$string);
        return $string;
}

Calling this function like:

$string = CleanString($string); causes the same problem.

Whats weird is I call md5() again below the problem code:

    $now = date("r");
    $thisID = md5(substr(makeID(), 0, 16));
    $onetimepass = substr(md5($thisID), 0, 8);

And neither of these causes the same problem, even when being used in the same document.

---------------------------------------------------------------------------

ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=11806&edit=2

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: abernard <email protected>: "[PHP-DEV] Bug #11824: Apache compilation with PHP/Mysql"
Previous message: dams <email protected>: "[PHP-DEV] Bug #11488 Updated: french translation error for the "str_replace" function"
Next in thread: zeev <email protected>: "[PHP-DEV] Bug #11806 Updated: Using $string = md5($string); crashed HTTP child processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]