Bug #51350 [Com]: recursively including non existing file causes segfault

[tyra3l at gmail dot com]

Edit report at http://bugs.php.net/bug.php?id=51350&edit=1

 ID:               51350
 Comment by:       tyra3l at gmail dot com
 Reported by:      slogster at gmail dot com
 Summary:          recursively including non existing file causes
                   segfault
 Status:           Bogus
 Type:             Bug
 Package:          Reproducible crash
 Operating System: freebsd & linux
 PHP Version:      5.2.13

 New Comment:

afaik you need the suhosin extension for this functionality, not just
the patch. 

http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.max_depth



Tyrael


Previous Comments:
------------------------------------------------------------------------
[2010-03-22 22:52:16] slogster at gmail dot com

I've tried it with Suhosin-Patch 0.9.7 and it segfaults too

------------------------------------------------------------------------
[2010-03-22 21:39:15] tyra3l at gmail dot com

should worth to reading it.

could you at least give me the year for that discussion?

I think, that in this case the script should terminate by memory
exhaustion (memory_limit) or time_limit exhaustion, not with segfault.

In a managed language I shouldn't be able to do stack overflow from
userspace.

At least not this easily.

------------------------------------------------------------------------
[2010-03-22 21:29:00] paj...@php.net

That's known and there is no bug per se here.



Not everything the suhosin patch does is the right thing to do to solve
a problem. As far as I remember there was a (long) discussion on
internals about this. You may find it interesting.

------------------------------------------------------------------------
[2010-03-22 21:25:05] tyra3l at gmail dot com

suhosin protects against infinite recursion since 2006.

if you can crash the php engine from userland, then you can reset the
seed

http://www.baohx.com/extras/zendcon/lesserknownsecurityproblemsinphpapplications.pdf

page 33: attacker can get fresh seed by crashing php.

so its not only an inconvinience, but can be a security problem also.



Tyrael

------------------------------------------------------------------------
[2010-03-22 17:45:16] johan...@php.net

Recusrion in PHP leads to a stack overflow for the process, which we
can't properly handle ourselves so the operating system terminates the
PHP process. This is the expected behavior.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=51350


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51350&edit=1