php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76109 Unsafe access to fpm scoreboard
Submitted: 2018-03-17 13:59 UTC Modified: 2018-06-10 15:54 UTC
From: backhaus at traum-ferienwohnungen dot de Assigned:
Status: Closed Package: FPM related
PHP Version: PHP-7.1 OS: Linux
Private report: No CVE-ID: None
 [2018-03-17 13:59 UTC] backhaus at traum-ferienwohnungen dot de
Description:
------------
It seems there is an unsafe access to the scoreboard procs in fpm_status_handle_request. The scoreboard is copied under a lock, but later scoreboard procs are copied from scoreboard_p without locking. 
This was pointed out to me by bukka in https://github.com/php/php-src/pull/3182#discussion_r174150992 .
The risk of this is pretty low. The only impact in can imagine being inconsistent readings on the status page.



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-03-17 19:38 UTC] backhaus at traum-ferienwohnungen dot de
Pull request is https://github.com/php/php-src/pull/3185. Cannot attach because the bug tracker cannot load it from github for some reason.
 [2018-03-29 08:36 UTC] backhaus at traum-ferienwohnungen dot de
Pull request is https://github.com/php/php-src/pull/3185
 [2018-03-29 08:37 UTC] backhaus at traum-ferienwohnungen dot de
Actually it's not 3185 again, it's https://github.com/php/php-src/pull/3188 now.
 [2018-06-10 15:54 UTC] cmb@php.net
-PHP Version: master-Git-2018-03-17 (Git) +PHP Version: PHP-7.1
 [2018-06-10 15:54 UTC] cmb@php.net
Changing PHP version to match the PR.
 [2022-02-09 23:24 UTC] git@php.net
Automatic comment on behalf of  (author) and bukka (committer)
Revision: https://github.com/php/php-src/commit/29fe06fa5919bb0f239677d29f3856d64537eeec
Log: Fix bug #76109: Implement fpm_scoreboard_copy
 [2022-02-09 23:24 UTC] git@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC