php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36206 LDAP in nsswitch.conf causes segfault when resolving hostnames in PHP
Submitted: 2006-01-30 11:41 UTC Modified: 2006-02-01 16:45 UTC
From: arnout at argeweb dot nl Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 5.1.2 OS: freeBSD 5.4
Private report: No CVE-ID: None
 [2006-01-30 11:41 UTC] arnout at argeweb dot nl
Description:
------------
Any hostname resolve in PHP causes a segmentation fault.

It only happens when this file contains the ldap keyword.
When removed, everything works fine.

Everything works great when using modphp. It only happens when using the executable.

root@host: / # cat /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files
passwd_compat: nis
shells: files

We've seen it on two seperate systems.
It's on PHP versions 5.0.5, 5.1.1 and 5.1.2

Server #1:
openldap 2.2.30
nss_ldap 1.244
php 5.0.5
FreeBSD 5.4-RELEASE-p8

Server #2:
nss_ldap-1.239
openldap-client-2.2.27
php 5.1.2
FreeBSD 5.4-RELEASE-p8


Reproduce code:
---------------
root@host: / # echo "<? echo gethostbyname('php.net'); ?>" | php

root@host: / # echo "<? mysql_connect( 'badgerbadger', '', '' ); ?>" | php


#!/usr/local/bin/php
<?php
// this
echo gethostbyname( 'php.net' );
// AND this too
mysql_connect( 'blahdieblah', '', '' );
// and anything that resolves.
?>


Expected result:
----------------
An IP-address and an error because the mysql host doesn't exist.

Actual result:
--------------
Segmentation fault on any line that resolves a hostname.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-01-30 11:55 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2006-01-30 12:00 UTC] oersoep at gmail dot com
#0  0x00000000 in ?? ()
#1  0x292ff7a5 in ?? () from /usr/local/lib/nss_ldap.so.1
#2  0x2930a4c0 in ?? () from /usr/local/lib/nss_ldap.so.1
#3  0x2817d760 in ?? () from /libexec/ld-elf.so.1
#4  0x2817d5d8 in ?? () from /libexec/ld-elf.so.1
#5  0x292ff740 in ?? () from /usr/local/lib/nss_ldap.so.1
#6  0x28162730 in _rtld_error () from /libexec/ld-elf.so.1
#7  0x293086c9 in _fini () from /usr/local/lib/nss_ldap.so.1
#8  0x2816380b in find_symdef () from /libexec/ld-elf.so.1
#9  0x28163e6a in dlclose () from /libexec/ld-elf.so.1
#10 0x2845b53c in _nsdbtput () from /lib/libc.so.5
#11 0x2845aef0 in endhostent () from /lib/libc.so.5
#12 0x2845b5bb in _nsdbtput () from /lib/libc.so.5
#13 0x2847e1a5 in __cxa_finalize () from /lib/libc.so.5
#14 0x2847dec6 in exit () from /lib/libc.so.5
#15 0x08130cc5 in main ()
 [2006-01-30 12:25 UTC] arnout at argeweb dot nl
This just in:

The script does not terminate. It ends like it's supposed to.

The segfault is put out when the scripts terminates. I don't know if it's a child process that dies, or that the segfault resides in a buffer untill termination or something.

root@host: / # echo "<? echo gethostbyname( 'php.net' ); ?>" | php
64.246.30.37Segmentation fault (core dumped)

I seem to have judged to fast before. But still: I can't surpress this error. It's ugly!
 [2006-02-01 12:33 UTC] tony2001@php.net
Please try to run `top`, `ps aux` and `host example.com`.
Do they work fine or segfault too?
I'm asking because of this: http://lists.freebsd.org/pipermail/freebsd-bugs/2004-April/006201.html
 [2006-02-01 15:34 UTC] arnout at argeweb dot nl
root@host: ~ $ host example.com
example.com has address 192.0.34.166

top works fine
ps aux works fine

No segfaults there...
 [2006-02-01 16:01 UTC] tony2001@php.net
Here: http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-11/0315.html
you can find that this problem also happens with Python on FreeBSD (with the very same backtrace).
So it's not PHP problem, but some FreeBSD issue.
 [2006-02-01 16:27 UTC] arnout at argeweb dot nl
Tried it. Python works great. No segfaults here.

We tried python with AND without LDAP.

It's a different problem that looks the same.


root@host: ~ # python mysql.py
Traceback (most recent call last):
 File "mysql.py", line 6, in ?
   db = "test")
 File "/usr/local/lib/python2.4/site-packages/MySQLdb/__init__.py", line 66, in Connect
   return Connection(*args, **kwargs)
 File "/usr/local/lib/python2.4/site-packages/MySQLdb/connections.py", line 134, in __init__
   super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.OperationalError: (2005, "Unknown MySQL server host 'dfgdfgdfg' (1)")

root@host: ~ # python mysql.py
Traceback (most recent call last):
 File "mysql.py", line 6, in ?
   db = "test")
 File "/usr/local/lib/python2.4/site-packages/MySQLdb/__init__.py", line 66, in Connect
   return Connection(*args, **kwargs)
 File "/usr/local/lib/python2.4/site-packages/MySQLdb/connections.py", line 134, in __init__
   super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.OperationalError: (1130, "Host 'nonexistenthost.nl' is not allowed to connect to this MySQL server")
 [2006-02-01 16:45 UTC] tony2001@php.net
Working Python doesn't make segfault in system libraries PHP problem.
Please report it to FreeBSD developers.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 16:01:29 2024 UTC