[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
https://bugs.launchpad.net/ubuntu/+source/egroupware/+bug/429294 is seeing similar errors in egroupware under karmic alpha... -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
http://blog.php-security.org/archives/58-Suhosin-caught-another-remote- code-execution-vulnerability.html More info on where it could be coming from... -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
interesting... so it may have nothing to do with my query, but maybe the mssql extension?? there's no POST or file IO or anything else going on, and I've attached a simplified version (just has one of the problem SP calls instead of all of them) of my class for review... I'm pretty sure there no buffer over there that I can cause or avoid, it's pretty text book ** Attachment added: dbissue.php http://launchpadlibrarian.net/31782985/dbissue.php -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
It looks like to me that some php code is running on your site which is causing suhoshin to prevent php doing a buffer overflow. You can find out more information about this at http://www.hardened-php.net ** Changed in: php5 (Ubuntu) Status: New = Won't Fix -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
I'm not sure what you mean, can you be more specific? it's a bone stock ubuntu install dist-upgraded to 8.04 from a fully working 7.10. I restored my disk image backup to re-upgrade and it's working again, so it's something that changed in the ubuntu packages between 7.10 and 8.04 since nothing else has changed on my server. the code that triggers this is simply a call to mssql, and only on certain queries. I have nearly 100 calls that work and about 5 that don't, and there is nothing especially different about the ones that don't work. in fact the more complex ones with large resultsets and multiple resultsets DO work and these small single table 5 row results fail while other similar ones do not fail. 7.10 works + 8.04 fails == regression bug in something, somewhere. -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 294179] Re: ALERT - canary mismatch on efree() - heap overflow detected
after some more research about this it seems it's a bug in php that php developers don't want to admit exists since it only manifests with the unsupported Suhosin patch. Also this is starting to affect other pages on my site as well, so is there any way to disable this check so my website's database queries can work? or do I have to go back to 7.10 and forget about using 8.04.1 LTS as a production web server forever? -- ALERT - canary mismatch on efree() - heap overflow detected https://bugs.launchpad.net/bugs/294179 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs