ID: 33690
User updated by: david at madole dot net
Reported By: david at madole dot net
-Status: Open
+Status: Closed
Bug Type: Safe Mode/open_basedir
Operating System: *
PHP Version: 5CVS, 4CVS (2005-07-14)
Assigned To: rasmus
New Comment:

Closed as far as I'm concerned.


Previous Comments:
------------------------------------------------------------------------

[2005-07-25 19:32:06] david at madole dot net

Yes, that patch does resolve the problem reported here. Thank you!

------------------------------------------------------------------------

[2005-07-25 16:11:21] [EMAIL PROTECTED]

Could someone please try the patch I posted here for this one?
http://news.php.net/php.internals/17261

------------------------------------------------------------------------

[2005-07-14 08:53:50] [EMAIL PROTECTED]

Apparently the fix for #33072 causes this.

------------------------------------------------------------------------

[2005-07-14 04:20:51] david at madole dot net

Description:
------------
./configure \
  --prefix=/usr/local/opt/php4-STABLE-200507140043 \
  --with-apxs2=/usr/local/opt/httpd-2.0.54/bin/apxs \
  --with-config-file-path=/etc \
  --enable-debug

diff php.ini-dist /etc/php.ini
158c158
< safe_mode = Off
---
> safe_mode = On

<Directory /home/user/www>
  PHP_Admin_Value open_basedir /home/user/
  PHP_Admin_Value session.save_path /home/user/tmp/
</Directory>

On serving any page from /home/user/www, even plain HTML files not parsed by PHP, a SEGV is encountered in the Apache child process. The error occurs in sapi/apache2handler/sapi_apache2.c line 173, where ctx is dereferenced while containing NULL (see very end of backtrace below):

ctx->finfo.st_uid = ctx->r->finfo.user;

Removing the newly introduced OnUpdateSaveDir check in ext/session/session.c eliminates the problem.

Reproduce code:
---------------
<html><body>Test</body></html>

Expected result:
----------------
Display "Test" in browser.

Actual result:
--------------
#0  0x2851ba51 in php_apache_sapi_get_stat () at /usr/local/src/php4-STABLE-200507140043/sapi/apache2handler/sapi_apache2.c:173
#1  0x284d9122 in sapi_get_stat () at /usr/local/src/php4-STABLE-200507140043/main/SAPI.c:848
#2  0x28487317 in php_statpage () at /usr/local/src/php4-STABLE-200507140043/ext/standard/pageinfo.c:73
#3  0x28487383 in php_getuid () at /usr/local/src/php4-STABLE-200507140043/ext/standard/pageinfo.c:99
#4  0x284d5b99 in php_checkuid_ex (filename=0xbfbfdff0 "/home/madole.net/tmp/", fopen_mode=0x0, mode=3, flags=0) at /usr/local/src/php4-STABLE-200507140043/main/safe_mode.c:150
#5  0x284d5cda in php_checkuid (filename=0x81dc6a4 "/home/madole.net/tmp/", fopen_mode=0x0, mode=3) at /usr/local/src/php4-STABLE-200507140043/main/safe_mode.c:191
#6  0x28443c64 in OnUpdateSaveDir (entry=0x81cbf00, new_value=0x81dc6a4 "/home/madole.net/tmp/", new_value_length=21, mh_arg1=0x0, mh_arg2=0x28577900, mh_arg3=0x0, stage=16) at /usr/local/src/php4-STABLE-200507140043/ext/session/session.c:123
#7  0x285101be in zend_alter_ini_entry (name=0x81106a0 "session.save_path", name_length=18, new_value=0x8123698 "/home/madole.net/tmp/", new_value_length=21, modify_type=4, stage=16) at /usr/local/src/php4-STABLE-200507140043/Zend/zend_ini.c:232
#8  0x2851cc48 in apply_config (dummy=0x8123598) at /usr/local/src/php4-STABLE-200507140043/sapi/apache2handler/apache_config.c:167
#9  0x2851c207 in php_handler (r=0x81f2050) at /usr/local/src/php4-STABLE-200507140043/sapi/apache2handler/sapi_apache2.c:457
#10 0x0807a45a in ap_run_handler (r=0x81f2050) at config.c:152
#11 0x0807a825 in ap_invoke_handler (r=0x81f2050) at config.c:364
#12 0x08069a35 in ap_process_request (r=0x81f2050) at http_request.c:249
#13 0x08065411 in ap_process_http_connection (c=0x81ec128) at http_core.c:251
#14 0x08083c72 in ap_run_process_connection (c=0x81ec128) at connection.c:43
#15 0x08078c71 in child_main (child_num_arg=0) at prefork.c:610
#16 0x08078e65 in make_child (s=0x80b9760, slot=0) at prefork.c:650
#17 0x08078f2c in startup_children (number_to_start=5) at prefork.c:722
#18 0x080795af in ap_mpm_run (_pconf=0xbfbfec40, plog=0x80ed018, s=0xbfbfec48) at prefork.c:941
#19 0x0807e74b in main (argc=6, argv=0xbfbfed38) at main.c:618
(gdb) print ctx
$1 = (php_struct *) 0x0

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=33690&edit=1
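The backtrace above shows the general shape of the crash: a per-directory INI value (session.save_path) is applied from php_handler via apply_config and zend_alter_ini_entry, its OnUpdateSaveDir handler runs the safe_mode uid check, and that check walks down to the SAPI's get_stat callback while the request context pointer ctx is still NULL. The following C program is an added illustration written for this page, not PHP's code and not the patch linked in the thread. Every type and function in it (toy_ctx, toy_request, server_context, guarded_get_stat, toy_checkuid, simulate_request and the check_* wrappers) is a constructed stand-in for the PHP and Apache structures named in the trace; the behaviour of denying the uid check when no stat is available is a design choice of this example, not a statement about what PHP does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for PHP's apache2handler structures (not PHP's own). */
typedef struct { uint32_t user; } toy_finfo;         /* stands in for apr_finfo_t.user */
typedef struct { toy_finfo finfo; } toy_request;      /* stands in for request_rec */
typedef struct {
    toy_request *r;                                   /* the Apache request */
    struct { uint32_t st_uid; } finfo;                /* the stat buffer the SAPI fills in */
} toy_ctx;

/* Stands in for the SAPI's server context: NULL until the handler installs it. */
static toy_ctx *server_context = NULL;

/* The shape from the report: dereferences ctx unconditionally, so it
 * crashes (SIGSEGV) if called while server_context is still NULL. */
static int unguarded_get_stat(uint32_t *uid_out) {
    toy_ctx *ctx = server_context;
    ctx->finfo.st_uid = ctx->r->finfo.user;
    *uid_out = ctx->finfo.st_uid;
    return 1;
}

/* Guarded variant: reports "no stat available" (returns 0) instead of
 * crashing when there is no request context yet. */
static int guarded_get_stat(uint32_t *uid_out) {
    toy_ctx *ctx = server_context;
    if (ctx == NULL || ctx->r == NULL) {
        return 0;
    }
    ctx->finfo.st_uid = ctx->r->finfo.user;
    *uid_out = ctx->finfo.st_uid;
    return 1;
}

/* Stands in for a safe_mode-style uid check: the owner of the script must
 * match the owner of the path being opened. Without a script stat this toy
 * fails closed (denies) rather than dereferencing NULL.
 * Returns 1 if allowed, 0 if denied. */
static int toy_checkuid(uint32_t path_owner_uid) {
    uint32_t script_uid;
    if (!guarded_get_stat(&script_uid)) {
        return 0;
    }
    return script_uid == path_owner_uid;
}

/* Reproduces the ordering visible in the backtrace: the per-directory INI
 * value is applied, and its update handler runs the uid check, before the
 * request context exists. Both phases' results are reported through out-params. */
static void simulate_request(uint32_t request_user, uint32_t save_path_owner,
                             int *allowed_during_ini, int *allowed_after) {
    toy_request r = { { request_user } };
    toy_ctx ctx = { &r, { 0 } };
    uint32_t uid;

    server_context = NULL;                            /* apply_config() stage */
    *allowed_during_ini = toy_checkuid(save_path_owner);

    server_context = &ctx;                            /* context now installed */
    *allowed_after = toy_checkuid(save_path_owner);
    unguarded_get_stat(&uid);                         /* safe only now that ctx != NULL */

    server_context = NULL;                            /* request teardown */
}

/* Wrappers so each phase can be checked individually. */
static int check_during_ini(uint32_t request_user, uint32_t save_path_owner) {
    int during_ini, after;
    simulate_request(request_user, save_path_owner, &during_ini, &after);
    return during_ini;
}

static int check_after_context(uint32_t request_user, uint32_t save_path_owner) {
    int during_ini, after;
    simulate_request(request_user, save_path_owner, &during_ini, &after);
    return after;
}

int main(void) {
    printf("uid check while server_context is NULL: %s\n",
           check_during_ini(1000, 1000) ? "allowed" : "denied");
    printf("uid check after context is installed:   %s\n",
           check_after_context(1000, 1000) ? "allowed" : "denied");
    printf("uid check with mismatched owner:        %s\n",
           check_after_context(1000, 1001) ? "allowed" : "denied");
    return 0;
}
```

Calling unguarded_get_stat from the first phase instead of guarded_get_stat is the toy equivalent of the reported crash; the guard turns a NULL context into an explicit "no stat" result that the caller has to handle, which is the property to check for any SAPI callback that can be reached from an INI update handler before the request is fully set up.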