Bug #34692 Crash during gallery2 configuration
Submitted: 2005-09-30 19:22 UTC
Modified: 2005-12-25 15:07 UTC
From: pablomh at gmail dot com
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.0.5
OS: OpenBSD 3.8 -current sparc64
Private report: No
CVE-ID: None
 [2005-09-30 19:22 UTC] pablomh at gmail dot com
Description:
------------
I'm trying to install the new gallery2 on a Sun Ultra10 with OpenBSD 3.8 -current and PHP 5.0.5 installed from OpenBSD packages. Apache/1.3.29 from OpenBSD and chroot'd.

During the authentication phase, it requires that I fill a file called login.txt with randomly generated characters. When I click on the "Authenticate me" button, httpd dies with:


[Fri Sep 30 19:01:04 2005] [notice] child pid 22245 exit signal Segmentation fault (11)


Reproduce code:
---------------
This is the failing class:

<?php
/*
 * $RCSfile: AuthenticateStep.class,v $
 *
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2005 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */

class AuthenticateStep extends InstallStep {
    var $_uniqueKey;
    var $_firstTime;

    function AuthenticateStep() {
        for ($len=64, $rand='';
             strlen($rand) < $len;
             $rand .= chr(!mt_rand(0,2) ? mt_rand(48,57) :
                          (!mt_rand(0,1) ? mt_rand(65,90) :
                           mt_rand(97,122))));
        $this->_uniqueKey = md5($rand);
        $this->_firstTime = true;
    }

    function stepName() {
        return _('Authenticate');
    }

    function processRequest() {
        if (!empty($_GET['downloadLogin'])) {
            header("Content-Type: text/plain");
            header("Content-Length: " . strlen($this->_uniqueKey));
            header("Content-Description: Download login.txt to your computer.");
            header("Content-Disposition: attachment; filename=login.txt");
            print $this->_uniqueKey;
            return false;
        }

        return true;
    }

    function loadTemplateData(&$templateData) {
        $authenticationDir = dirname(dirname(dirname(__FILE__)));
        if (isset($_SERVER['DOCUMENT_ROOT'])
                && preg_match('#^' . $_SERVER['DOCUMENT_ROOT'] . '/(.*)#',
                              $authenticationDir, $matches)) {
            $authenticationDir = $matches[1];
        }

        if (!$this->isComplete()) {
            /* Authenticate */
            $authenticated = false;
            $authFile = dirname(__FILE__) . '/../../login.txt';
            if (!file_exists($authFile)) {
                if (!$this->_firstTime) {
                    $templateData['errors'][] =
                        sprintf(_('<b>Error:</b> could not locate <b>login.txt</b>. ' .
                                  'Please place it in your <tt>%s/</tt> directory.'),
                                $authenticationDir);
                }
            } else if (!is_readable($authFile)) {
                $templateData['errors'][] =
                    _('<b>Error:</b> your <b>login.txt</b> file is not readable. ' .
                      'Please give Gallery read permissions on the file.');
            } else {

                $fileAuth = trim(join("", file($authFile)));
                if ($fileAuth == $this->_uniqueKey) {
                    $this->setComplete(true);
                } else {
                    $templateData['errors'][] =
                        _('<b>Error:</b> your <b>login.txt</b> key does not match correctly. ' .
                          'Please download a new authentication string from below and try again.');
                }
            }
        }

        $this->_firstTime = false;

        $templateData['authenticationDir'] = $authenticationDir;

        if ($this->isComplete()) {
            $templateData['bodyFile'] = 'AuthenticateSuccessful.html';
        } else {
            $templateData['bodyFile'] = 'AuthenticateRequest.html';
        }
    }

    function getUniqueKey() {
        return $this->_uniqueKey;
    }
}
?>

Actual result:
--------------
Running httpd in debug mode under gdb:


# gdb httpd
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc64-unknown-openbsd3.8"...(no debugging symbols found)

(gdb) run -X
Starting program: /usr/sbin/httpd -X
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00000000429033e4 in memcpy () from /usr/lib/libc.so.38.2
(gdb) backtrace
#0  0x00000000429033e4 in memcpy () from /usr/lib/libc.so.38.2
#1  0x0000000046bce770 in php_var_serialize_class_name () from /usr/lib/apache/modules/libphp5.so
#2  0x0000000046bcd13c in php_var_serialize_intern () from /usr/lib/apache/modules/libphp5.so
#3  0x0000000046bcd308 in php_var_serialize_intern () from /usr/lib/apache/modules/libphp5.so
#4  0x0000000046bcdb74 in php_var_serialize () from /usr/lib/apache/modules/libphp5.so
#5  0x0000000046bcdc1c in zif_serialize () from /usr/lib/apache/modules/libphp5.so
#6  0x0000000046c63c88 in zend_do_fcall_common_helper () from /usr/lib/apache/modules/libphp5.so
#7  0x0000000046c5ffd8 in execute () from /usr/lib/apache/modules/libphp5.so
#8  0x0000000046c3bf70 in zend_execute_scripts () from /usr/lib/apache/modules/libphp5.so
#9  0x0000000046bfb11c in php_execute_script () from /usr/lib/apache/modules/libphp5.so
#10 0x0000000046c6bca4 in apache_php_module_main () from /usr/lib/apache/modules/libphp5.so
#11 0x0000000046c6c97c in send_php () from /usr/lib/apache/modules/libphp5.so
#12 0x0000000046c6ccb4 in send_parsed_php () from /usr/lib/apache/modules/libphp5.so
#13 0x0000000000146014 in ap_invoke_handler ()
#14 0x000000000015e76c in ap_some_auth_required ()
#15 0x000000000015e96c in ap_process_request ()
#16 0x0000000000154344 in ap_child_terminate ()
#17 0x0000000000154344 in ap_child_terminate ()
Previous frame identical to this frame (corrupt stack?)
(gdb)

 [2005-09-30 21:12 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-10-08 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-12-25 15:07 UTC] pablomh at gmail dot com
Fixed in 5.1.1.
 
Last updated: Sat May 04 21:01:32 2024 UTC