[PHP-BUG] Bug #65933 [NEW]: Cannot specify config lines longer than 1024 bytes
From: daveran...@php.net Operating system: Any PHP version: Irrelevant Package: FPM related Bug Type: Bug Bug description:Cannot specify config lines longer than 1024 bytes Description: Configuration lines cannot be longer than 1024 bytes because the file read buffer is hard-set to this size. http://lxr.php.net/xref/PHP_5_5/sapi/fpm/fpm/fpm_conf.c#1468 Ref of this problem in the real world: http://serverfault.com/questions/547394/is-there-a-limit-setting-a-php-admin-value-in-php-fpm Test script: --- disable_functions = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,pcntl_exec,include,include_once,require,require_once,posix_mkfifo,posix_getlogin,posix_ttyname,getenv,get_current_use,proc_get_status,get_cfg_va,disk_free_space,disk_total_space,diskfreespace,getcwd,getlastmo,getmygid,getmyinode,getmypid,getmyuid,ini_set,mail,proc_nice,proc_terminate,proc_close,pfsockopen,fsockopen,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,fopen,tmpfile,bzopen,gzopen,chgrp,chmod,chown,copy,file_put_contents,lchgrp,lchown,link,mkdi,move_uploaded_file,rename,rmdi,symlink,tempnam,touch,unlink,iptcembed,ftp_get,ftp_nb_get,file_exists,file_get_contents,file,fileatime,filectime,filegroup,fileinode,filemtime,fileowne,fileperms,filesize,filetype,glob,is_di,is_executable,is_file,is_link,is_readable,is_uploaded_file,is_writable,is_writeable,linkinfo,lstat,parse_ini_file,pathinfo,readfile,readlink,realpath,stat,gzfile,create_functi on,phpinfo Expected result: php-fpm will start successfully Actual result: -- [20-Oct-2013 22:31:52] ERROR: [/file.conf:line] value is NULL for a ZEND_INI_PARSER_ENTRY [20-Oct-2013 22:31:52] ERROR: failed to load configuration file '/file.conf' [20-Oct-2013 22:31:52] ERROR: FPM initialization failed -- Edit bug report at https://bugs.php.net/bug.php?id=65933edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65933r=trysnapshot54 Try a snapshot (PHP 5.5): https://bugs.php.net/fix.php?id=65933r=trysnapshot55 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65933r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65933r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65933r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65933r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65933r=needscript Try newer version: https://bugs.php.net/fix.php?id=65933r=oldversion Not developer issue:https://bugs.php.net/fix.php?id=65933r=support Expected behavior: https://bugs.php.net/fix.php?id=65933r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65933r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65933r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65933r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65933r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65933r=dst IIS Stability: https://bugs.php.net/fix.php?id=65933r=isapi Install GNU Sed:https://bugs.php.net/fix.php?id=65933r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65933r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65933r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65933r=mysqlcfg
Req #31248 [Asn]: SOAP-Client: mapping of overloaded functions fail
Edit report at https://bugs.php.net/bug.php?id=31248edit=1 ID: 31248 Updated by: dmi...@php.net Reported by:andreas dot filsinger at cargobay dot de Summary:SOAP-Client: mapping of overloaded functions fail Status: Assigned Type: Feature/Change Request Package:SOAP related Operating System: * PHP Version:5CVS-2005-03-29 Assigned To:dmitry Block user comment: N Private report: N New Comment: It's not going to be fixed. Previous Comments: [2013-10-15 18:04:29] wal3 at mindspring dot com Still having this problem on PHP Version 5.3.10-1ubuntu3.8 [2012-05-11 22:49:22] dlagtapon at gmail dot com Encountered in PHP 5.3.9 [2008-11-28 14:40:03] dmi...@php.net See also #43868 [2005-07-01 11:34:30] andreas dot filsinger at cargobay dot de * I just checked it against Version 5.1.0b2. Sorry it is NOT fixed. * I was forced to change the login acount details. So that the sample above do not work any more! If your want a updated sample code - please email me directly. Thanks. * If somebody is familar with AXIS, please put a class online, with publishes foo(char c) AND foo(int i) so we have a better test environment. I am not that kind of java guru which can do this i a minute. Thank you! Andreas [2005-03-29 11:14:20] andreas dot filsinger at cargobay dot de I just checked it against PHP 5.1.0-dev (cli) (built: Mar 29 2005 08:40:25) SORRY: It is all the same as 5.0.3: All function Prototyps are listed identical. Bug is still open! Andreas Filsinger The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=31248 -- Edit this bug report at https://bugs.php.net/bug.php?id=31248edit=1
[PHP-BUG] Bug #65936 [NEW]: dangling context pointer causes crash
From: tony2...@php.net
Operating system: *
PHP version: 5.5Git-2013-10-21 (Git)
Package: Reproducible crash
Bug Type: Bug
Bug description:dangling context pointer causes crash
Description:
Pointer to stream context is not cleared in persistent stream struct,
which results in a crash when re-using that stream.
Test script:
---
?php
function connect($host, $port, $timeout = 1) {
$conn_str = tcp://{$host}:{$port};
$opts = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT
| STREAM_CLIENT_PERSISTENT;
$sock = stream_socket_client($conn_str, $errno, $errstr,
$timeout, $opts);
return $sock;
}
$sock = connect(google.com, 80);
$req = GET / HTTP/1.0\r\nHost: www.google.com\r\nAccept: */*\r\n\r\n;
$len = fwrite($sock, $req);
$data = stream_get_contents($sock);
echo $data;
Expected result:
No crash.
Actual result:
--
Program received signal SIGSEGV, Segmentation fault.
0x00764140 in php_stream_context_get_option
(context=0x7fd70dd833f8, wrappername=0xbe6fae socket,
optionname=0xbe6fa7 bindto,
optionvalue=0x7fff2c7b1680) at
/local/git/php-src/main/streams/streams.c:2219
2219if (FAILURE ==
zend_hash_find(Z_ARRVAL_P(context-options), (char*)wrappername,
strlen(wrappername)+1, (void**)wrapperhash)) {
(gdb) bt
#0 0x00764140 in php_stream_context_get_option
(context=0x7fd70dd833f8, wrappername=0xbe6fae socket,
optionname=0xbe6fa7 bindto,
optionvalue=0x7fff2c7b1680) at
/local/git/php-src/main/streams/streams.c:2219
#1 0x00773725 in php_tcp_sockop_connect (stream=0x10e2840,
sock=0x10e08b0, xparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/xp_socket.c:656
#2 0x00773bc4 in php_tcp_sockop_set_option (stream=0x10e2840,
option=7, value=0, ptrparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/xp_socket.c:757
#3 0x00761a76 in _php_stream_set_option (stream=0x10e2840,
option=7, value=0, ptrparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/streams.c:1353
#4 0x0077196e in php_stream_xport_connect (stream=0x10e2840,
name=0x7fd70dd7fc9e google.com:80, namelen=13, asynchronous=1,
timeout=0x7fff2c7b19e0, error_text=0x7fff2c7b18e0,
error_code=0x7fff2c7b19d4) at
/local/git/php-src/main/streams/transports.c:243
#5 0x007713fb in _php_stream_xport_create (name=0x7fd70dd7fc9e
google.com:80, namelen=13, options=8, flags=18,
persistent_id=0x7fd70dd82da8
stream_socket_client__tcp://google.com:80, timeout=0x7fff2c7b19e0,
context=0x7fd70dd833f8, error_string=0x7fff2c7b19c0,
error_code=0x7fff2c7b19d4, __php_stream_call_depth=0,
__zend_filename=0xbdf140
/local/git/php-src/ext/standard/streamsfuncs.c, __zend_lineno=134,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/git/php-src/main/streams/transports.c:143
#6 0x00726d3b in zif_stream_socket_client (ht=5,
return_value=0x7fd70dd81690, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1)
at /local/git/php-src/ext/standard/streamsfuncs.c:131
#7 0x00816f6e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fd70dd4f078) at
/local/git/php-src/Zend/zend_vm_execute.h:550
#8 0x0081b868 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fd70dd4f078) at
/local/git/php-src/Zend/zend_vm_execute.h:2329
#9 0x0081665f in execute_ex (execute_data=0x7fd70dd4f078) at
/local/git/php-src/Zend/zend_vm_execute.h:363
#10 0x008166e7 in zend_execute (op_array=0x7fd70dd7fd78) at
/local/git/php-src/Zend/zend_vm_execute.h:388
#11 0x007d8554 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /local/git/php-src/Zend/zend.c:1320
#12 0x007452fe in php_execute_script
(primary_file=0x7fff2c7b61a0) at /local/git/php-src/main/main.c:2489
#13 0x00892bcf in main (argc=1, argv=0x7fff2c7b63c8) at
/local/git/php-src/sapi/fpm/fpm/fpm_main.c:1933
--
Edit bug report at https://bugs.php.net/bug.php?id=65936edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=65936r=trysnapshot54
Try a snapshot (PHP 5.5):
https://bugs.php.net/fix.php?id=65936r=trysnapshot55
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=65936r=trysnapshottrunk
Fixed in SVN: https://bugs.php.net/fix.php?id=65936r=fixed
Fixed in release: https://bugs.php.net/fix.php?id=65936r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=65936r=needtrace
Need Reproduce Script: https://bugs.php.net/fix.php?id=65936r=needscript
Try newer version: https://bugs.php.net/fix.php?id=65936r=oldversion
Not developer issue:https://bugs.php.net/fix.php?id=65936r=support
Expected behavior: https://bugs.php.net/fix.php?id=65936r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=65936r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=65936r=submittedtwice
Bug #65936 [Asn-Csd]: dangling context pointer causes crash
Edit report at https://bugs.php.net/bug.php?id=65936edit=1
ID: 65936
Updated by: tony2...@php.net
Reported by:tony2...@php.net
Summary:dangling context pointer causes crash
-Status: Assigned
+Status: Closed
Type: Bug
Package:Reproducible crash
Operating System: *
PHP Version:5.5Git-2013-10-21 (Git)
Assigned To:tony2001
Block user comment: N
Private report: N
New Comment:
Automatic comment on behalf of tony2001
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=b636c03426193ecf0b7e166126a14b70ce8185e9
Log: fix bug #65936 (dangling context pointer causes crash)
Previous Comments:
[2013-10-21 10:52:54] tony2...@php.net
Description:
Pointer to stream context is not cleared in persistent stream struct, which
results in a crash when re-using that stream.
Test script:
---
?php
function connect($host, $port, $timeout = 1) {
$conn_str = tcp://{$host}:{$port};
$opts = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT |
STREAM_CLIENT_PERSISTENT;
$sock = stream_socket_client($conn_str, $errno, $errstr, $timeout,
$opts);
return $sock;
}
$sock = connect(google.com, 80);
$req = GET / HTTP/1.0\r\nHost: www.google.com\r\nAccept: */*\r\n\r\n;
$len = fwrite($sock, $req);
$data = stream_get_contents($sock);
echo $data;
Expected result:
No crash.
Actual result:
--
Program received signal SIGSEGV, Segmentation fault.
0x00764140 in php_stream_context_get_option (context=0x7fd70dd833f8,
wrappername=0xbe6fae socket, optionname=0xbe6fa7 bindto,
optionvalue=0x7fff2c7b1680) at
/local/git/php-src/main/streams/streams.c:2219
2219if (FAILURE == zend_hash_find(Z_ARRVAL_P(context-options),
(char*)wrappername, strlen(wrappername)+1, (void**)wrapperhash)) {
(gdb) bt
#0 0x00764140 in php_stream_context_get_option
(context=0x7fd70dd833f8, wrappername=0xbe6fae socket, optionname=0xbe6fa7
bindto,
optionvalue=0x7fff2c7b1680) at
/local/git/php-src/main/streams/streams.c:2219
#1 0x00773725 in php_tcp_sockop_connect (stream=0x10e2840,
sock=0x10e08b0, xparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/xp_socket.c:656
#2 0x00773bc4 in php_tcp_sockop_set_option (stream=0x10e2840,
option=7, value=0, ptrparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/xp_socket.c:757
#3 0x00761a76 in _php_stream_set_option (stream=0x10e2840, option=7,
value=0, ptrparam=0x7fff2c7b1780)
at /local/git/php-src/main/streams/streams.c:1353
#4 0x0077196e in php_stream_xport_connect (stream=0x10e2840,
name=0x7fd70dd7fc9e google.com:80, namelen=13, asynchronous=1,
timeout=0x7fff2c7b19e0, error_text=0x7fff2c7b18e0,
error_code=0x7fff2c7b19d4) at /local/git/php-src/main/streams/transports.c:243
#5 0x007713fb in _php_stream_xport_create (name=0x7fd70dd7fc9e
google.com:80, namelen=13, options=8, flags=18,
persistent_id=0x7fd70dd82da8 stream_socket_client__tcp://google.com:80,
timeout=0x7fff2c7b19e0, context=0x7fd70dd833f8, error_string=0x7fff2c7b19c0,
error_code=0x7fff2c7b19d4, __php_stream_call_depth=0,
__zend_filename=0xbdf140 /local/git/php-src/ext/standard/streamsfuncs.c,
__zend_lineno=134,
__zend_orig_filename=0x0, __zend_orig_lineno=0) at
/local/git/php-src/main/streams/transports.c:143
#6 0x00726d3b in zif_stream_socket_client (ht=5,
return_value=0x7fd70dd81690, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1)
at /local/git/php-src/ext/standard/streamsfuncs.c:131
#7 0x00816f6e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fd70dd4f078) at /local/git/php-src/Zend/zend_vm_execute.h:550
#8 0x0081b868 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fd70dd4f078) at /local/git/php-src/Zend/zend_vm_execute.h:2329
#9 0x0081665f in execute_ex (execute_data=0x7fd70dd4f078) at
/local/git/php-src/Zend/zend_vm_execute.h:363
#10 0x008166e7 in zend_execute (op_array=0x7fd70dd7fd78) at
/local/git/php-src/Zend/zend_vm_execute.h:388
#11 0x007d8554 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /local/git/php-src/Zend/zend.c:1320
#12 0x007452fe in php_execute_script (primary_file=0x7fff2c7b61a0) at
/local/git/php-src/main/main.c:2489
#13 0x00892bcf in main (argc=1, argv=0x7fff2c7b63c8) at
/local/git/php-src/sapi/fpm/fpm/fpm_main.c:1933
--
Edit this bug report at https://bugs.php.net/bug.php?id=65936edit=1
[PHP-BUG] Req #65935 [NEW]: support for checking script uid/gid
From: mustnotbevalid at example dot com Operating system: Linux PHP version: 5.4.21 Package: FPM related Bug Type: Feature/Change Request Bug description:support for checking script uid/gid Description: For security reasons, it would be nice to have the option similar to Apache suExec where FPM checks the uid/gid of the script file before executing it, and only allowing scripts to be executed with a matching uid/gid specified in the pool config file. This would serve as an extra layer of defense against exploit attempts which try to write files via PHP or other CGI scripts as they would be saved with the uid of the webserver. Combined with verbose logging of such requests, this would also serve as an a good indicator that some scripts on the system are insecure. -- Edit bug report at https://bugs.php.net/bug.php?id=65935edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65935r=trysnapshot54 Try a snapshot (PHP 5.5): https://bugs.php.net/fix.php?id=65935r=trysnapshot55 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65935r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65935r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65935r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65935r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65935r=needscript Try newer version: https://bugs.php.net/fix.php?id=65935r=oldversion Not developer issue:https://bugs.php.net/fix.php?id=65935r=support Expected behavior: https://bugs.php.net/fix.php?id=65935r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65935r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65935r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65935r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65935r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65935r=dst IIS Stability: https://bugs.php.net/fix.php?id=65935r=isapi Install GNU Sed:https://bugs.php.net/fix.php?id=65935r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65935r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65935r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65935r=mysqlcfg
