Bug #51350 [Com]: recursively including non existing file causes segfault

Mon, 22 Mar 2010 13:39:25 -0700 

Edit report at http://bugs.php.net/bug.php?id=51350&edit=1

 ID:               51350
 Comment by:       tyra3l at gmail dot com
 Reported by:      slogster at gmail dot com
 Summary:          recursively including non existing file causes
                   segfault
 Status:           Bogus
 Type:             Bug
 Package:          Reproducible crash
 Operating System: freebsd & linux
 PHP Version:      5.2.13

 New Comment:

should worth to reading it.

could you at least give me the year for that discussion?

I think, that in this case the script should terminate by memory
exhaustion (memory_limit) or time_limit exhaustion, not with segfault.

In a managed language I shouldn't be able to do stack overflow from
userspace.

At least not this easily.


Previous Comments:
------------------------------------------------------------------------
[2010-03-22 21:29:00] paj...@php.net

That's known and there is no bug per se here.



Not everything the suhosin patch does is the right thing to do to solve
a problem. As far as I remember there was a (long) discussion on
internals about this. You may find it interesting.

------------------------------------------------------------------------
[2010-03-22 21:25:05] tyra3l at gmail dot com

suhosin protects against infinite recursion since 2006.

if you can crash the php engine from userland, then you can reset the
seed

http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf

page 33: attacker can get fresh seed by crashing php.

so its not only an inconvinience, but can be a security problem also.



Tyrael

------------------------------------------------------------------------
[2010-03-22 17:45:16] johan...@php.net

Recusrion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.

------------------------------------------------------------------------
[2010-03-22 17:08:20] slogster at gmail dot com

Description:
------------
function a(){include("/nofile"); a();} a();



/nofine is non existing file

Test script:
---------------
function a(){include("/nofile"); a();} a();



/nofile is non existing file

Expected result:
----------------
should not segfault

Actual result:
--------------
segfault


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1

Reply via email to