#21657 [Bgs]: Stack seems compromised when using Sessions
ID: 21657
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Session related
Operating System: W2K server SP2 or NT4 SP6 work.
PHP Version: 4.3.0
New Comment:
My intention was not to register a non-existing variable. Anyway I
noticed that PHP behaved in a strange way, so I decided to report this
behavior, also because it was normal in PHP 4.2.3. When I passed to the
new version (4.3.0) I noticed it and spent an hour to find the problem
(the code I sent is a reproduction of the error, but the real code is
much more complex).
I know it's not a "normal" way to program in PHP.
Thank you for your fast answer!
Previous Comments:
[2003-01-15 14:52:51] [EMAIL PROTECTED]
And you should be using $_SESSION anyway (with register_globals=Off).
[2003-01-15 14:52:07] [EMAIL PROTECTED]
Why an earth do you want to register non-existing variable?
[2003-01-15 07:37:35] [EMAIL PROTECTED]
Take the code that follows and save it in a file called test.php.
If you now call the file via a web browser PHP will write a strange
string. This is due to the session registering done in the case 0 of
the switch. It should print "test_variable=".
The strange this happens when you register a variable which has been
assigned with an unset other one.
And the thing happens only the first time the browser hits the page. At
a refresh everything works.
\n";
echo "\n";
echo "parms='".$parms."'\n";
echo "\n";
echo "\n";
}
session_start();
switch ($status) {
case 0:
$f_caller = isset($funcname) ? $funcname:"";
//$f_test_variable = isset($test_variable) ? $test_variable:"";
$f_test_variable = $test_variable; // comment this and uncomment
the line above to make it work
// since $test_variable is not set, it seems that memory gets
upset
session_register("f_test_variable");
session_register("f_caller");
NormalFunction("test_variable=$test_variable", 120, 10);
break;
}
?>
This is my php.ini:
[PHP]
; Enable the PHP scripting language engine under Apache.
engine = On
; Allow the tags are
recognized.
short_open_tag = On
; Allow ASP-style <% %> tags.
asp_tags = Off
; The number of significant digits displayed in floating point
numbers.
precision= 14
; Enforce year 2000 compliance (will cause problems with non-compliant
browsers)
y2k_compliance = Off
output_buffering = 4096
output_handler =
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
highlight.string = #CC
highlight.comment = #FF9900
highlight.keyword = #006600
highlight.bg = #FF
highlight.default = #CC
highlight.html= #00
expose_php = On
max_execution_time = 30 ; Maximum execution time of each script, in
seconds
memory_limit = 8M ; Maximum amount of memory a script may consume
(8MB)
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = On
log_errors = On
track_errors = Off
variables_order = "GPCS"
register_globals = On
register_argc_argv = Off
post_max_size = 8M
gpc_order = "GPC"
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
user_dir =
extension_dir = ./extensions
enable_dl = On
file_uploads = On
upload_max_filesize = 2M
allow_url_fopen = On
extension=php_gd2.dll
extension=php_oracle.dll
[Syslog]
define_syslog_variables = Off
[mail function]
SMTP = localhost
sendmail_from = [EMAIL PROTECTED]
[Java]
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
[mSQL]
msql.allow_persistent = On
msql.max_persistent = -1
msql.max_links = -1
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
[Sybase]
sybase.allow_persistent = On
sybase.max_persistent = -1
sybase.max_links = -1
sybase.min_error_severity = 10
syba
#21657 [NEW]: Stack seems compromised when using Sessions
From: [EMAIL PROTECTED]
Operating system: W2K server SP2 or NT4 SP6 work.
PHP version: 4.3.0
PHP Bug Type: Scripting Engine problem
Bug description: Stack seems compromised when using Sessions
Take the code that follows and save it in a file called test.php.
If you now call the file via a web browser PHP will write a strange
string. This is due to the session registering done in the case 0 of the
switch. It should print "test_variable=".
The strange this happens when you register a variable which has been
assigned with an unset other one.
And the thing happens only the first time the browser hits the page. At a
refresh everything works.
\n";
echo "\n";
echo "parms='".$parms."'\n";
echo "\n";
echo "\n";
}
session_start();
switch ($status) {
case 0:
$f_caller = isset($funcname) ? $funcname:"";
//$f_test_variable = isset($test_variable) ? $test_variable:"";
$f_test_variable = $test_variable; // comment this and uncomment the
line above to make it work
// since $test_variable is not set, it seems that memory gets upset
session_register("f_test_variable");
session_register("f_caller");
NormalFunction("test_variable=$test_variable", 120, 10);
break;
}
?>
This is my php.ini:
[PHP]
; Enable the PHP scripting language engine under Apache.
engine = On
; Allow the tags are
recognized.
short_open_tag = On
; Allow ASP-style <% %> tags.
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
precision= 14
; Enforce year 2000 compliance (will cause problems with non-compliant
browsers)
y2k_compliance = Off
output_buffering = 4096
output_handler =
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
highlight.string = #CC
highlight.comment = #FF9900
highlight.keyword = #006600
highlight.bg = #FF
highlight.default = #CC
highlight.html= #00
expose_php = On
max_execution_time = 30 ; Maximum execution time of each script, in
seconds
memory_limit = 8M ; Maximum amount of memory a script may consume
(8MB)
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = On
log_errors = On
track_errors = Off
variables_order = "GPCS"
register_globals = On
register_argc_argv = Off
post_max_size = 8M
gpc_order = "GPC"
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
user_dir =
extension_dir = ./extensions
enable_dl = On
file_uploads = On
upload_max_filesize = 2M
allow_url_fopen = On
extension=php_gd2.dll
extension=php_oracle.dll
[Syslog]
define_syslog_variables = Off
[mail function]
SMTP = localhost
sendmail_from = [EMAIL PROTECTED]
[Java]
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
[mSQL]
msql.allow_persistent = On
msql.max_persistent = -1
msql.max_links = -1
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
[Sybase]
sybase.allow_persistent = On
sybase.max_persistent = -1
sybase.max_links = -1
sybase.min_error_severity = 10
sybase.min_message_severity = 10
sybase.compatability_mode = Off
[Sybase-CT]
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no
limit.
sybct.max_links = -1
; Minimum server message severity to display.
sybct.min_server_severity = 10
; Minimum client message severity to display.
sybct.min_client_severity = 10
[bcmath]
; Number of decimal digits for all bcmath functions.
bcmath.scale = 0
[browscap]
;browscap = extra/browscap.ini
[Informix]
; Default host for ifx_connect() (doesn't apply in safe mode).
ifx.default_host =
; Default user for ifx_connect() (doesn't apply in safe mode).
ifx.default_user =
; Default password for ifx_connect() (doesn't apply in safe mode).
ifx.default_password =
; Allow or prevent persistent links.
ifx.allow_persistent = On
; Maximum number of persistent links. -1 means no limi
#21489 [Com]: Excel hangs after creation via COM
ID: 21489
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: COM related
Operating System: Win 2K Server
PHP Version: 4.3.0
New Comment:
I solved the problem changing the default printer on the server! It
seems strange (and it is not) but if I change the printer and put a
simple (native and not plugged to the server...) printer as the default
printer, rather than a hand-installed one, EXCEL seems to act in the
right way. (the printer in question is a Canon Laser SHOT LBP-1210)
EXCEL does not show any strange behavior if it run normally by opening
it via the menu. But if it is run via PHP and COM the thing happens
Previous Comments:
[2003-01-08 21:17:35] [EMAIL PROTECTED]
I see this behaviour on 4.2.3 but not with 4.3.0 on Win2Kpro SP3 Apache
1.3.27 (PHP running as module).
On 4.2.3 the same Excel.exe is reused each time I run a
script very similar to this one. I end up with one Excel.exe left in
taskmanager after running this script "1 to n" times.
In 4.3.0 Excel.exe appears for a moment while the script runs then
disappears.
I get exactly the same behaviour on Win2k server SP2.
[2003-01-07 07:52:30] [EMAIL PROTECTED]
This is the code I always used with PHP prior to 4.2.X and 4.3.0:
function ExcelSheet($filein,$tmpdir) {
$fileout = substr(tempnam($tmpdir, "tmp"), 0, -4);
$ex = new COM("Excel.sheet") or Die ("Cannot find excel!");
$ex->Application->Visible = 0;
$wkb = $ex->Application->Workbooks->Open($filein) or Die ("Cannot
open excel!");
$ex->Application->ActiveWorkbook->SaveAs($fileout, -4143);
$ex->application->ActiveWorkbook->Close("False");
unset($ex);
return($fileout . ".xls");
}
The excel function works, but afterwards the excel process remains in
memory, as other people have already argued.
--
Edit this bug report at http://bugs.php.net/?id=21489&edit=1
#21489 [NEW]: Excel hangs after creation via COM
From: [EMAIL PROTECTED]
Operating system: Win 2K Server
PHP version: 4.3.0
PHP Bug Type: COM related
Bug description: Excel hangs after creation via COM
This is the code I always used with PHP prior to 4.2.X and 4.3.0:
function ExcelSheet($filein,$tmpdir) {
$fileout = substr(tempnam($tmpdir, "tmp"), 0, -4);
$ex = new COM("Excel.sheet") or Die ("Cannot find excel!");
$ex->Application->Visible = 0;
$wkb = $ex->Application->Workbooks->Open($filein) or Die ("Cannot open
excel!");
$ex->Application->ActiveWorkbook->SaveAs($fileout, -4143);
$ex->application->ActiveWorkbook->Close("False");
unset($ex);
return($fileout . ".xls");
}
The excel function works, but afterwards the excel process remains in
memory, as other people have already argued.
--
Edit bug report at http://bugs.php.net/?id=21489&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=21489&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=21489&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=21489&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=21489&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=21489&r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=21489&r=support
Expected behavior: http://bugs.php.net/fix.php?id=21489&r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=21489&r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=21489&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=21489&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21489&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=21489&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=21489&r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=21489&r=gnused
