ID:               20190
Comment by:       [EMAIL PROTECTED]
Reported By:      [EMAIL PROTECTED]
Status:           Feedback
Bug Type:         Apache related
Operating System: FreeBSD
PHP Version:      4.2.3
New Comment:

Previous dump was not the right one, sorry. I had
dumps for children disabled. This is now the right one ...

(gdb) bt
#0  0x280de8e1 in strlen () from /usr/lib/libc.so.4
#1  0x17 in ?? ()
#2  0x2836decb in php_check_open_basedir (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php")
    at fopen_wrappers.c:211
#3  0x2836e19f in php_fopen_and_set_opened_path (
    path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", mode=0x284e1ac3 "rb",
    opened_path=0xbfbff8d8) at fopen_wrappers.c:309
#4  0x2836e89d in php_fopen_with_path (filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php",
    mode=0x284e1ac3 "rb", path=0x81ebb50 ".", opened_path=0xbfbff8d8) at fopen_wrappers.c:494
#5  0x2836edc0 in php_fopen_url_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php",
    mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8)
    at fopen_wrappers.c:612
#6  0x2836e26d in php_fopen_wrapper (path=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php",
    mode=0x284e1ac3 "rb", options=1, issock=0xbfbfe6f0, socketd=0xbfbfe6ec, opened_path=0xbfbff8d8)
    at fopen_wrappers.c:335
#7  0x2836b38c in php_fopen_wrapper_for_zend (
    filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php", opened_path=0xbfbff8d8) at main.c:583
#8  0x28336463 in open_file_for_scanning (file_handle=0xbfbff8d0) at zend_language_scanner.c:2952
#9  0x28336611 in compile_file (file_handle=0xbfbff8d0, type=2) at zend_language_scanner.c:3009
#10 0x2835bb4f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:823
#11 0x2836d0b9 in php_execute_script (primary_file=0xbfbff8d0) at main.c:1399
#12 0x28367d82 in apache_php_module_main (r=0x8c78038, display_source_mode=0) at sapi_apache.c:98
#13 0x28368c2c in send_php (r=0x8c78038, display_source_mode=0,
    filename=0x8c79c98 "/www/doc/www.skkonline.ch-80/top/scripts2/schools.php") at mod_php4.c:684
#14 0x28368c9f in send_parsed_php (r=0x8c78038) at mod_php4.c:703

(gdb) list
206                     char *newpath;
207                     char *ptr;
208                     char *end;
209
210                     pathbuf = estrdup(PG(open_basedir));
211                     newpath = estrdup(zend_get_executed_filename(TSRMLS_C));
212
213                     ptr = pathbuf;
214                     while (ptr && *ptr) {
215                             end = strchr(ptr, DEFAULT_DIR_SEPARATOR);


Previous Comments:
------------------------------------------------------------------------

[2002-10-31 10:40:02] [EMAIL PROTECTED]

If I allow the open_basedir restriction to pass,
I now get random segfaults:

Program terminated with signal 11, Segmentation fault.

#0  0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584
584                     ALLOC_HASHTABLE_REL(arg->value.obj.properties);
(gdb) bt
#0  0x2835d21e in _object_and_properties_init (arg=0xbfbffccc, class_type=0x0, properties=0xbfbffce2) at zend_API.c:584
(gdb) list
579             }
580
581             if (properties) {
582                     arg->value.obj.properties = properties;
583             } else {
584                     ALLOC_HASHTABLE_REL(arg->value.obj.properties);
585                     zend_hash_init(arg->value.obj.properties, 0, NULL, ZVAL_PTR_DTOR, 0);
586                     zend_hash_copy(arg->value.obj.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *));
587             }
588             arg->type = IS_OBJECT;
(gdb) p arg->value.obj.properties
$1 = (HashTable *) 0x636f6c2f
(gdb) p *arg->value.obj.properties
Cannot access memory at address 0x636f6c2f.
(gdb) p properties
$2 = (HashTable *) 0xbfbffce2
(gdb) p *properties
$3 = {nTableSize = 1212367181, nTableMask = 1162893652, nNumOfElements = 942893373, nNextFreeElement = 1714236726,
  pInternalPointer = 0x62656572, pListHead = 0x2e346473, pListTail = 0x53550033, arBuckets = 0x743d5245, pDestructor = 0x726f6f,
  persistent = 77 'M', nApplyCount = 65 'A', bApplyProtection = 73 'I'}

(gdb) p *arg
$4 = {value = {lval = 1920169263, dval = 9.4870166287391071e+170, str = {val = 0x7273752f <Address 0x7273752f out of bounds>,
      len = 1668246575}, ht = 0x7273752f, obj = {ce = 0x7273752f, properties = 0x636f6c2f}}, type = 97 'a', is_ref = 108 'l',
  refcount = 29487}

------------------------------------------------------------------------

[2002-10-31 10:03:59] [EMAIL PROTECTED]

I already use this snapshot. And it still happens.

I'll post more info soon. I'm now compiling a debug version.

Martin

------------------------------------------------------------------------

[2002-10-31 09:23:36] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip



------------------------------------------------------------------------

[2002-10-31 09:01:33] [EMAIL PROTECTED]

Note that this bug is similar to another bug,

http://bugs.php.net/bug.php?id=19292

It's not the same bug. There were some checks wrong
in fopen_wrappers.c. This is fixed in cvs.

This bug does show similar results as 19292,
but the source of the problem is completely different.

This is a webserver with ~400 virtual servers, ~100
have php enabled.

I see the bug happen if I frequently access
pages of customer 1 (php enabled) and at the same time
customer 2.

------------------------------------------------------------------------

[2002-10-31 08:55:47] [EMAIL PROTECTED]

I've made this change in main/fopen_wrappers.c to see what
happens:

- php_error(E_WARNING, "open_basedir restriction
-           in effect. File is in wrong directory");

+ php_error(E_WARNING, "open_basedir: File should
+           be in %s, but is in %s file (%s)",
+           pathbuf, path,   
+           zend_get_executed_filename(TSRMLS_C));
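Review bot: the `+` format string passes `pathbuf`, `path` and `zend_get_executed_filename(TSRMLS_C)` straight into an E_WARNING, so on a shared server with display_errors enabled a visitor to one virtual host would be shown another host's filesystem paths. Keep this as a temporary debugging change, or send the detailed paths to the error log only and leave the generic "restriction in effect" text for displayed output.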

Let's say pathbuf=$a, path=$b,
zend_get_executed_filename=$c

As you see, $a (which is PG(open_basedir)) should be
identical to the path without added filename of both
$b and $c.

The error is random. Sometimes $a and $c are correct,
and $b is plain wrong (from a previous request). Sometimes
$a and $c are correct, and $b is wrong.

[24-Oct-2002 10:49:19] PHP Warning:  open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/www.bbb.ch-80/html/visions/php/include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2

[24-Oct-2002 10:49:19] PHP Warning:  open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6

[24-Oct-2002 10:53:45] PHP Warning:  open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/www.bbb.ch-80/html/visions/php//include/globals.inc in /www/doc/www.aaa.ch-80/index.php on line 2

[24-Oct-2002 10:53:45] PHP Warning:  open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in /www/doc/www.bbb.ch-80/html/visions/php//wrapper.php in /www/doc/www.aaa.ch-80/index.php on line 6

This bug is critical and not fixed in cvs. I just tried
the newest snapshot and it's not fixed.

Martin

------------------------------------------------------------------------
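A log triage check for the diagnostic format in the comment above, as an added example that is not part of the original report or of PHP: it separates warnings whose offending path belongs to another virtual host from ordinary denials. It assumes every vhost docroot is a direct child of /www/doc (as in the log lines above) and that each warning sits on one line; the function names and the last two sample lines are constructed for illustration.

```python
import posixpath
import re

VHOST_PARENT = "/www/doc"  # assumption: each vhost docroot is a direct child

# Format produced by the debugging patch quoted in the report.
WARNING_RE = re.compile(
    r"open_basedir: File should be in (?P<basedir>\S+), "
    r"but is in (?P<path>\S+) in (?P<script>\S+) on line \d+"
)

def is_within(basedir, path):
    """True if path is basedir or below it, compared on whole components."""
    base = posixpath.normpath(basedir)
    target = posixpath.normpath(path)
    return target == base or target.startswith(base.rstrip("/") + "/")

def vhost_of(path):
    """First directory below VHOST_PARENT, or None if path lies elsewhere."""
    target = posixpath.normpath(path)
    if not target.startswith(VHOST_PARENT + "/"):
        return None
    return target[len(VHOST_PARENT) + 1:].split("/", 1)[0]

def classify(line):
    """Return a verdict string for one log line, or None if it is unrelated."""
    m = WARNING_RE.search(line)
    if m is None:
        return None
    basedir, path, script = m.group("basedir", "path", "script")
    if not is_within(basedir, script):
        return "script-outside-basedir"   # basedir does not match the running script
    if is_within(basedir, path):
        return "inconsistent-denial"      # denied although path is inside basedir
    other = vhost_of(path)
    if other is not None and other != vhost_of(basedir):
        return "cross-vhost:" + other     # path comes from another tenant's tree
    return "ordinary-denial"

PREFIX = "[24-Oct-2002 10:49:19] PHP Warning:  open_basedir: File should be in /www/doc/www.aaa.ch-80, but is in "
SUFFIX = " in /www/doc/www.aaa.ch-80/index.php on line 6"
SAMPLE_LOG = [
    PREFIX + "/www/doc/www.bbb.ch-80/html/visions/php//wrapper.php" + SUFFIX,  # from the report
    PREFIX + "/etc/passwd" + SUFFIX,                         # constructed
    PREFIX + "/www/doc/www.aaa.ch-80-old/x.php" + SUFFIX,    # constructed, sibling prefix
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```
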


-- 
Edit this bug report at http://bugs.php.net/?id=20190&edit=1
