ID: 25753
Comment by: david at bizeweb dot com
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: Apache related
Operating System: *
PHP Version: 4CVS, 5CVS
New Comment:
I found out that to use the CVS that you'll need to use .buildconf
first. I had not done that. I have installed the cvs php properly now
(I hope) and can not repeat the error. Sorry if I got anyone looking
for something that wasn't there.
Previous Comments:
------------------------------------------------------------------------
[2004-02-02 08:25:48] david at bizeweb dot com
I a related problem to an apache list, and someone directed me to here.
I thought timing was so perfect and that the problem was fixed.
However, I think this bug still exists. Unless I need to install a
specific CVS version. I have php4-STABLE-200402012230 installed on a
RH9 with apache2.0.44 with a php config of
CFLAGS="-I/usr/kerberos/include -DSECURITY_HOLE_PASS_AUTHORIZATION"
./configure --with-apxs2=/usr/local/apache/bin/apxs --with-gettext
--with-imap=/dl/imap-2001a --with-kerberos --with-glibcc --with-xml
--with-mysql.
I've isolated my server and in my httpd.conf have set the following for
easy testing.
StartServers 1
MinSpareServers 1
MaxSpareServers 2
<VirtualHost x.x.x.x:80>
ServerName foo.com
</VirtualHost>
<VirtualHost x.x.x.x:80>
php_admin_flag engine off
ServerName foo2.com
</VirtualHost>
I can keep going to foo.com without any problems as soon as I goto
foo2.com, then foo.com will attempt to dl the php files.
I'm new to this field, but if I can help just ask.
------------------------------------------------------------------------
[2004-01-28 12:40:04] [EMAIL PROTECTED]
This only happens on text/html files with the executable bit set. If
the +x bit is set, we load the current ini settings and if php's
xbithack option is not set we decline the request but forget to reset
the ini settings potentially leaking them to the next request. This is
now fixed in CVS and will be in the next release of both PHP4 and PHP5.
------------------------------------------------------------------------
[2004-01-28 00:47:04] rover at tob dot ru
We examine source files more carefull and remake a patch:
diff -udr php-4.3.3/sapi/apache/mod_php4.c
php-4.3.3.patched/sapi/apache/mod_php4.c
--- php-4.3.3/sapi/apache/mod_php4.c 2003-06-03 11:41:49.000000000
+0600
+++ php-4.3.3.patched/sapi/apache/mod_php4.c 2004-01-28
10:48:27.000000000 +0500
@@ -830,6 +830,9 @@
}
if(!AP(xbithack)) {
r->allowed |= (1 << METHODS) - 1;
+ zend_try {
+ zend_ini_deactivate(TSRMLS_C);
+ } zend_end_try();
return DECLINED;
}
return send_parsed_php(r);
------------------------------------------------------------------------
[2004-01-27 13:36:14] rover at tob dot ru
It seems we have found a bug in mod_php4.c. We can 100% reproduce this
error. How to reproduce (our case):
in httpd.conf we have:
# to enable only one instance of apache process
StartServers 1
MaxClients 1
#
<Directory /var/www/info/>
php_value engine off
</Directory>
in php.ini:
Engine = On,
we enable php-scripts at all site, but disable in /info.
Let's begin:
#/usr/sbin/apache.dbg -f /etc/apache/httpd.conf
#gbd /usr/sbin/apache.gdb pid_of_child (attach to child, what serve
requests)
(gdb)p php_apache_info.engine
=1 ! php-engine ENABLED
(gdb)watch php_apache_info.engine ! VERY IMPORTANT
(gdb)break send_php ! bug in this func.
(gdb)c
1) Request a usual file from http://our.site/info/index.html:
Because we define 'php_value off' for this directory - at line 829 in
function php_xbithack_handler(remember - we process text/html) we call
zend_hash_apply((HashTable *) per_dir_conf, (apply_func_t)
php_apache_alter_ini_entries TSRMLS_CC);
and change our 'engine' value to 0.
backtrace for this call (don't look at line number - they shifted
because i insert debug lines in source files):
Hardware watchpoint 1: php_apache_info.engine
Old value = 1
New value = 0
#0 OnUpdateInt (entry=0x80dc778, new_value=0x80d3cc4 "off",
new_value_length=3, mh_arg1=0x0, mh_arg2=0x4057f92c,
mh_arg3=0x0, stage=4) at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:453
#1 0x4051110a in zend_alter_ini_entry (name=0x80de170 "engine",
name_length=7, new_value=0x80de180 "off",
new_value_length=3, modify_type=2, stage=4) at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:212
#2 0x40519fc6 in php_apache_alter_ini_entries
(per_dir_entry=0x812c598)
at
/usr/local/src/apache2+php4/php4-4.3.3/sapi/apache/mod_php4.c:511
#3 0x4050b8f9 in zend_hash_apply (ht=0x809fc98, apply_func=0x40519f40
<php_apache_alter_ini_entries>)
at /usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_hash.c:698
#4 0x4051ad1b in php_xbithack_handler (r=0x81367ec)
at
/usr/local/src/apache2+php4/php4-4.3.3/sapi/apache/mod_php4.c:850
#5 0x080551c3 in ap_invoke_handler (r=0x81367ec) at http_config.c:518
#6 0x08067e28 in process_request_internal (r=0x81367ec) at
http_request.c:1332
#7 0x08067fd4 in ap_process_request (r=0x81367ec) at
http_request.c:1348
#8 0x08060644 in child_main (child_num_arg=0) at http_main.c:4719
#9 0x080607f7 in make_child (s=0x0, slot=0, now=0) at
http_main.c:4898
#10 0x08060920 in startup_children (number_to_start=1) at
http_main.c:4925
#11 0x0806149a in standalone_main (argc=1, argv=0xbffffdf4) at
http_main.c:5244
#12 0x08061a08 in main (argc=1, argv=0xbffffdf4) at http_main.c:5601
Result of 1): we process http://our.site/info/index.html succefull and
set global var 'engine'=0!
Now we try to access http://our.site/index.php
2) breakpoint 2 executed:
Breakpoint 2, send_php (r=0x81367ec, display_source_mode=0,
filename=0x0)
at
/usr/local/src/apache2+php4/php4-4.3.3/sapi/apache/mod_php4.c:544
544 fh.free_filename = 0;
#0 send_php (r=0x81367ec, display_source_mode=0, filename=0x0)
at
/usr/local/src/apache2+php4/php4-4.3.3/sapi/apache/mod_php4.c:544
#1 0x4051a6eb in send_parsed_php (r=0x81367ec) at
/usr/local/src/apache2+php4/php4-4.3.3/sapi/apache/mod_php4.c:655
#2 0x080551c3 in ap_invoke_handler (r=0x81367ec) at http_config.c:518
#3 0x08067e28 in process_request_internal (r=0x81367ec) at
http_request.c:1332
#4 0x08067fd4 in ap_process_request (r=0x81367ec) at
http_request.c:1348
#5 0x08060644 in child_main (child_num_arg=135489516) at
http_main.c:4719
#6 0x080607f7 in make_child (s=0x81367ec, slot=0, now=135489516) at
http_main.c:4898
#7 0x08060920 in startup_children (number_to_start=1) at
http_main.c:4925
#8 0x0806149a in standalone_main (argc=1, argv=0xbffffdf4) at
http_main.c:5244
#9 0x08061a08 in main (argc=1, argv=0xbffffdf4) at http_main.c:5601
But look at 'engine' - IT HAVE OLD VALUE = 0! What happend next:
In mod_php4.c at line 570(original file from 4.3.3,4.3.4,4.3.5RC1) we
have:
if (!AP(engine)) {
r->content_type = php_apache_get_default_mimetype(r
TSRMLS_CC);
r->allowed |= (1 << METHODS) - 1;
zend_try {
zend_ini_deactivate(TSRMLS_C);
} zend_end_try();
return DECLINED;
}
and instead serve index.php as x-application-php we only return
DECLINE. Continue:
3)(gdb)c
Hardware watchpoint 1: php_apache_info.engine
Old value = 0
New value = 1
OnUpdateInt (entry=0x80dc778, new_value=0x80b53e0 "1",
new_value_length=1, mh_arg1=0x0, mh_arg2=0x4057f92c,
mh_arg3=0x0, stage=8) at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:453
453
1: php_apache_info = {engine = 1, last_modified = 0, xbithack = 0,
terminate_child = 0, in_request = 0 '\0'}
(gdb) bt
#0 OnUpdateInt (entry=0x80dc778, new_value=0x80b53e0 "1",
new_value_length=1, mh_arg1=0x0, mh_arg2=0x4057f92c,
mh_arg3=0x0, stage=8) at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:453
#1 0x40510bcf in zend_restore_ini_entry_cb (ini_entry=0x80dc778,
stage=8)
at /usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:51
#2 0x4050b990 in zend_hash_apply_with_argument (ht=0x80b4f48,
apply_func=0x40510b40 <zend_restore_ini_entry_cb>,
argument=0x8) at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_hash.c:717
#3 0x40510cdb in zend_ini_deactivate () at
/usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:89
#4 0x40510b40 in zend_remove_ini_entries (ini_entry=0x90,
module_number=0x0)
at /usr/local/src/apache2+php4/php4-4.3.3/Zend/zend_ini.c:44
This only happend at line 574 where we RESET all variables to default
value.
To solve this bug we must RESET all ini_entries to default values in
send_php function. Maybe authors suggest better method to restore
default values instead using zend_ini_deactivate(TSRMLS_C);
------------------------------------------------------------------------
[2003-10-22 04:01:39] mattias at segerdahl dot info
Sniper,
I accidently ran into this bug a few moments ago. I talked to Derick
about it in the channel and we agreed I would do some testing. There
are some particular strange behaviour.
I will try to explain as well as include the files needed to reproduce
this error. But first let me point out one thing that I find really
weird.
This only occurs when the apache server has not been accessed for a
while, if you reload the page directly after you've encountered this
error message, it will work perfectly.
The error message is:
Warning: Unknown(): open_basedir restriction in effect.
File(/var/www/users.bitcom.se/index.php) is not within the allowed
path(s): (/var/www/www.sol.se) in Unknown on line 0
Warning: Unknown(/var/www/users.bitcom.se/index.php): failed to open
stream: Operation not permitted in Unknown on line 0
Warning: (null)(): Failed opening '/var/www/users.bitcom.se/index.php'
for inclusion (include_path='.:/usr/local/php//lib/php') in Unknown on
line 0
My php.ini file http://www.segerdahl.info/25753/php.ini
My httpd.conf file http://www.segerdahl.info/25753/httpd.conf
Server version: Apache/2.0.47
Server built: Oct 20 2003 18:39:21
PHP 4.3.4RC4 configured as:
'./configure' '--with-apxs2=/usr/local/httpd/bin/apxs'
'--enable-mbstring' '--with-pear' '--with-mysql'
'--enable-magic-quotes' '--with-ftp' '--sysconfdir=/etc/php'
'--with-config-file-path=/etc/php' '--prefix=/usr/local/php/'
'--enable-mbstring' '--with-curl' '--enable-ftp'
APACHE configured as:
./configure --sysconfdir=/etc/httpd/conf --enable-ssl
--prefix=/usr/local/httpd --enable-modules=dso,most
Contact me on efnet if you need more information... // bad2da
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/25753
--
Edit this bug report at http://bugs.php.net/?id=25753&edit=1
