#30282 [NEW]: Setting session.serialize_handler to none in apache config segfaults PHP

2004-09-29 Thread daniele at orlandi dot com
From: daniele at orlandi dot com
Operating system: SuSE Linux 9.1
PHP version:  4.3.9
PHP Bug Type: Apache2 related
Bug description:  Setting session.serialize_handler to none in apache config segfaults PHP

Description:

This is an almost cosmetic issue. I incorrectly put "none" in apache's
configuration file for session.serialize_handler. Starting the session,
PHP segfaults; it may be a missing NULL check.

php_value session.serialize_handler none

[pid 31996] open("/tmp/sess_de475dfe390c0d01f35536633634db4a",
O_RDWR|O_CREAT, 0600) = 28
[pid 31996] flock(28, LOCK_EX)  = 0
[pid 31996] fcntl64(28, F_SETFD, FD_CLOEXEC) = 0
[pid 31996] fstat64(28, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
[pid 31996] pread(28, "", 0, 0)
[pid 31996] --- SIGSEGV (Segmentation fault) @ 0 (0) ---



-- 
Edit bug report at http://bugs.php.net/?id=30282&edit=1


#13961 [Com]: some characters in server variable names are silently changed

2004-03-31 Thread daniele at orlandi dot com
 ID:   13961
 Comment by:   daniele at orlandi dot com
 Reported By:  lampa at fee dot vutbr dot cz
 Status:   Bogus
 Bug Type: Apache related
 Operating System: any
 PHP Version:  4CVS, 5CVS
 Assigned To:  derick
 New Comment:

It still isn't fixed in PHP 4.3.5, php still corrupts apache's
environment and here's the proof:

--- httpd.conf

BrowserMatch "a" downgrade-1.0 force-response-1.0 nokeepalive

--- a.html

--- a.php

GET /a.html HTTP/1.1
Host: stef.uli.it
Connection: close
User-Agent: a

HTTP/1.0 200 OK
Date: Wed, 31 Mar 2004 17:35:57 GMT
Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7b PHP/4.3.5
Last-Modified: Wed, 31 Mar 2004 17:35:43 GMT
ETag: "522e8-1e-c69ff9c0"
Accept-Ranges: bytes
Content-Length: 30
Connection: close
Content-Type: text/html

Connection closed by foreign host.
---
GET /a.php HTTP/1.1
Host: stef.uli.it
Connection: close
User-Agent: a

HTTP/1.1 200 OK
Date: Wed, 31 Mar 2004 17:34:57 GMT
Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7b PHP/4.3.5
X-Powered-By: PHP/4.3.5
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

4
ciao
0

Connection closed by foreign host.
--

As you see, the PHP response discards force-response-1.0 and still
responds with HTTP/1.1.

My Cisco 7960 IP phones has a broken HTTP/1.1 client and isn't able to
cope with chunked transfer encoding and I'm not able to make it work.


Previous Comments:


[2003-11-18 19:52:08] [EMAIL PROTECTED]

This is in fact fixed: php_register_variable() is actually a wrapper
around php_register_variable_safe() which always makes a copy of the
original before passing it to php_register_variable_ex().

[2003-11-14 07:06:13] lampa at fee dot vutbr dot cz

Still not fixed in 4.3.4

----------------

[2003-11-11 18:15:11] daniele at orlandi dot com

This bug is still present in php 4.3.4 and may be harmful since all the
BrowserMatch functionality to workaround browser bugs in Apache is
essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c
(apache2filter is probably affected too) and the problem went away.

Note that the patch may not be perfect as I don't know how Apache and
PHP work internally very well.



--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02
05:24:43.0 +0200

+++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c   
2003-11-11 23:52:06.0 +0100

@@ -227,9 +227,14 @@

char *key, *val;

zval **path_translated_zv;

  

+   char *t;

+

APR_ARRAY_FOREACH_OPEN(arr, key, val)

if (!val) val = empty_string;

-   php_register_variable(key, val, track_vars_array
TSRMLS_CC);

+

+   t = estrndup(key, strlen(key));

+   php_register_variable(t, val, track_vars_array
TSRMLS_CC);

+   efree(t);

APR_ARRAY_FOREACH_CLOSE()
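
Review bot: `t = estrndup(key, strlen(key));` in the added lines is `estrdup(key)` written the long way; the 2001-12-11 suggestion in this report already uses `estrdup`, so `t = estrdup(key);` would be clearer. `char *t;` can also join the existing `char *key, *val;` declaration instead of standing alone after the blank line.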



[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

for (i = 0; i < arr->nelts; i++) {
    char *val, *key;

    if (elts[i].val) {
        val = elts[i].val;
    } else {
        val = empty_string;
    }
    key = estrdup(elts[i].key); /* HERE */
    php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
}

[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here.
Checking it out.

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/13961

-- 
Edit this bug report at http://bugs.php.net/?id=13961&edit=1


#27551 [Fbk->Opn]: strtotime fails to parse ISO 8601 timestamps with fractional seconds

2004-03-11 Thread daniele at orlandi dot com
 ID:   27551
 User updated by:  daniele at orlandi dot com
 Reported By:  daniele at orlandi dot com
-Status:   Feedback
+Status:   Open
 Bug Type: Date/time related
 Operating System: SuSE Linux 9.0
 PHP Version:  4.3.5RC3
 New Comment:

Mmmh... do you really need an example script to test a function for two
given values? :)

Well... here it is:

<?php
  echo "2004-03-11 18:16:07.755155+01 = "
  .strtotime("2004-03-11 18:16:07.755155+01")
  ."\n";

  echo "2004-03-11 18:16:07+01 = "
  .strtotime("2004-03-11 18:16:07+01")
  ."\n";
?>

Result:

2004-03-11 18:16:07.755155+01 = -1
2004-03-11 18:16:07+01 = 1079025367

Expected result:

2004-03-11 18:16:07.755155+01 = 1079025367
2004-03-11 18:16:07+01 = 1079025367


Previous Comments:


[2004-03-10 13:27:38] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.

------------

[2004-03-10 11:27:35] daniele at orlandi dot com

Description:

strtotime fails to parse timestamp returned by PostgreSQL in the
default ISO 8601 output due to fractional seconds.

This time stamp is not parsed (invalid):

 2004-03-10 16:33:17.11403+01

This is correctly parsed:

 2004-03-10 16:33:17+01

Fractional part could be ignored but shouldn't make strtotime consider
the timestamp as invalid.






-- 
Edit this bug report at http://bugs.php.net/?id=27551&edit=1


#27551 [NEW]: strtotime fails to parse ISO 8601 timestamps with fractional seconds

2004-03-10 Thread daniele at orlandi dot com
From: daniele at orlandi dot com
Operating system: SuSE Linux 9.0
PHP version:  4.3.5RC3
PHP Bug Type: Date/time related
Bug description:  strtotime fails to parse ISO 8601 timestamps with fractional seconds

Description:

strtotime fails to parse timestamp returned by PostgreSQL in the default
ISO 8601 output due to fractional seconds.

This time stamp is not parsed (invalid):

 2004-03-10 16:33:17.11403+01

This is correctly parsed:

 2004-03-10 16:33:17+01

Fractional part could be ignored but shouldn't make strtotime consider the
timestamp as invalid.


-- 
Edit bug report at http://bugs.php.net/?id=27551&edit=1


#13961 [Com]: some characters in incoming variable names are silently changed

2003-11-13 Thread daniele at orlandi dot com
 ID:   13961
 Comment by:   daniele at orlandi dot com
 Reported By:  lampa at fee dot vutbr dot cz
 Status:   No Feedback
 Bug Type: Apache related
 Operating System: FreeBSD
 PHP Version:  4.0.6, 4.1.0
 Assigned To:  derick
 New Comment:

Is there a way to make this bug a little more alive?

I provided the missing feedback... I don't want to file a duplicate,
I'd just like to see it as an open bug (if it is the case).

Sorry for the meta-comment


Previous Comments:


[2003-11-11 18:15:11] daniele at orlandi dot com

This bug is still present in php 4.3.4 and may be harmful since all the
BrowserMatch functionality to workaround browser bugs in Apache is
essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c
(apache2filter is probably affected too) and the problem went away.

Note that the patch may not be perfect as I don't know how Apache and
PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02
05:24:43.0 +0200
+++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c   
2003-11-11 23:52:06.0 +0100
@@ -227,9 +227,14 @@
char *key, *val;
zval **path_translated_zv;
  
+   char *t;
+
APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) val = empty_string;
-   php_register_variable(key, val, track_vars_array
TSRMLS_CC);
+
+   t = estrndup(key, strlen(key));
+   php_register_variable(t, val, track_vars_array
TSRMLS_CC);
+   efree(t);
APR_ARRAY_FOREACH_CLOSE()
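
Review bot: the added copy around `php_register_variable(t, val, ...)` carries no comment saying why it exists, so it reads as a redundant allocate-and-free and invites removal in a later cleanup. A one-line comment above `t = estrndup(...)` stating that `key` belongs to the array being iterated and must not be modified by the registration call would protect the fix.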



[2002-10-15 01:00:02] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".



[2002-09-29 20:41:13] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

This should be fixed in CVS (If I remember correctly) so could you
please try the snapshot and verify it for us?




[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

for (i = 0; i < arr->nelts; i++) {
    char *val, *key;

    if (elts[i].val) {
        val = elts[i].val;
    } else {
        val = empty_string;
    }
    key = estrdup(elts[i].key); /* HERE */
    php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
}




[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here.
Checking it out.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/13961

-- 
Edit this bug report at http://bugs.php.net/?id=13961&edit=1


#13961 [Com]: some characters in incoming variable names are silently changed

2003-11-11 Thread daniele at orlandi dot com
 ID:   13961
 Comment by:   daniele at orlandi dot com
 Reported By:  lampa at fee dot vutbr dot cz
 Status:   No Feedback
 Bug Type: Apache related
 Operating System: FreeBSD
 PHP Version:  4.0.6, 4.1.0
 Assigned To:  derick
 New Comment:

This bug is still present in php 4.3.4 and may be harmful since all the
BrowserMatch functionality to workaround browser bugs in Apache is
essentially disabled.

As a proof of concept I patched sapi/apache2handler/sapi_apache2.c
(apache2filter is probably affected too) and the problem went away.

Note that the patch may not be perfect as I don't know how Apache and
PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c2003-10-02
05:24:43.0 +0200
+++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c   
2003-11-11 23:52:06.0 +0100
@@ -227,9 +227,14 @@
char *key, *val;
zval **path_translated_zv;
  
+   char *t;
+
APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) val = empty_string;
-   php_register_variable(key, val, track_vars_array
TSRMLS_CC);
+
+   t = estrndup(key, strlen(key));
+   php_register_variable(t, val, track_vars_array
TSRMLS_CC);
+   efree(t);
APR_ARRAY_FOREACH_CLOSE()
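
Review bot: the change covers only `sapi/apache2handler/sapi_apache2.c`, while the message itself says apache2filter is probably affected too, so the same in-place change of `key` would remain on that path. Either apply the same copy in apache2filter as part of this patch, or make the copy once at the point where the name is rewritten so that every caller is covered.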


Previous Comments:


[2002-10-15 01:00:02] php-bugs at lists dot php dot net

No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".



[2002-09-29 20:41:13] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

This should be fixed in CVS (If I remember correctly) so could you
please try the snapshot and verify it for us?




[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is necessary:

for (i = 0; i < arr->nelts; i++) {
    char *val, *key;

    if (elts[i].val) {
        val = elts[i].val;
    } else {
        val = empty_string;
    }
    key = estrdup(elts[i].key); /* HERE */
    php_register_variable(key, val, track_vars_array ELS_CC PLS_CC);
}




[2001-11-07 04:33:03] [EMAIL PROTECTED]

This is not okay, PHP should not change the original key here.
Checking it out.



[2001-11-07 01:56:30] lampa at fee dot vutbr dot cz

I don't think that FAQ solves that problem.
Look at the source code of Apache server. There
are several tests of the variable "force-response-1.0" 
there. The problem is not that php code variable
is $force-response-1_0, that's OK, but the real
problem is that apache variable name in r->subprocess_env
is changed too. That's a side effect and not pleasant.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/13961

-- 
Edit this bug report at http://bugs.php.net/?id=13961&edit=1
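
The aliasing problem discussed in this report (a key stored in r->subprocess_env is rewritten while PHP derives a variable name from it, so Apache's later lookup of force-response-1.0 fails), as an added example that is not code from PHP, Apache or any poster in this thread. `env_entry`, `mangle_name`, the two register functions and the sample keys are hypothetical, simplified stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for one r->subprocess_env entry (assumption). */
struct env_entry { char *key; const char *val; };

/* Model of the name change reported in the thread: '.' and ' ' become '_'. */
static void mangle_name(char *name) {
    for (; *name; name++)
        if (*name == '.' || *name == ' ') *name = '_';
}

/* Unsafe: passes the table's own key buffer to the mangler. */
static void register_in_place(struct env_entry *e, size_t n) {
    for (size_t i = 0; i < n; i++) mangle_name(e[i].key);
}

/* Safe: mangles a private copy; the shared table stays untouched. */
static int register_with_copy(const struct env_entry *e, size_t n) {
    for (size_t i = 0; i < n; i++) {
        char *t = malloc(strlen(e[i].key) + 1);
        if (!t) return -1;
        strcpy(t, e[i].key);
        mangle_name(t);          /* script-side name, e.g. force-response-1_0 */
        free(t);
    }
    return 0;
}

/* The server's later lookup: exact match on the original name. */
static int env_has(const struct env_entry *e, size_t n, const char *key) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(e[i].key, key) == 0) return 1;
    return 0;
}

/* Returns 1 if "force-response-1.0" is still found after registration. */
static int flag_survives(int use_copy) {
    char k1[] = "force-response-1.0", k2[] = "nokeepalive"; /* constructed */
    struct env_entry env[] = { { k1, "1" }, { k2, "1" } };
    if (!use_copy) register_in_place(env, 2);
    else if (register_with_copy(env, 2) != 0) return -1;
    return env_has(env, 2, "force-response-1.0");
}

int main(void) {
    printf("in place: %d, with copy: %d\n", flag_survives(0), flag_survives(1));
    return 0;
}
```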


#22710 [Com]: an unknown filter was not added: PHP

2003-03-16 Thread daniele at orlandi dot com
 ID:   22710
 Comment by:   daniele at orlandi dot com
 Reported By:  intruderkillers at yahoo dot com dot br
 Status:   Bogus
 Bug Type: Apache2 related
 Operating System: RedHat 8.0
 PHP Version:  4.3.2RC1
 New Comment:

Same problem for me.

Just upgraded from 4.3.0 to 4.3.2RC2, nothing else changed.


Previous Comments:


[2003-03-14 19:24:16] [EMAIL PROTECTED]

Your httpd.conf is wrong. Please read the install
instructions from http://www.php.net/manual/en/install.apache2.php





[2003-03-14 13:50:28] intruderkillers at yahoo dot com dot br

When I load any php page I'm getting this error in Apache/2.0.44 with
4.3.2RC1:

an unknown filter was not added: PHP

Best Regards,
Luiz




-- 
Edit this bug report at http://bugs.php.net/?id=22710&edit=1