PHP :: Bug #11806 :: Using $string = md5($string); crashed HTTP child processes

Bug #11806	Using $string = md5($string); crashed HTTP child processes
Submitted:	2001-06-29 14:04 UTC	Modified:	2001-09-09 07:38 UTC
From:	joe at nowalls dot com	Assigned:	derick (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	4.0.6	OS:	Linux 2.2.16
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	joe at nowalls dot com
New email:
PHP Version:		OS:

New Comment:

[2001-06-29 14:04 UTC] joe at nowalls dot com

PHP Options:
'./configure' '--with-mysql' '--with-gd' '--enable-track-vars' '--with-jpeg-dir=/usr/local/lib' '--enable-bcmath' '--with-apache=../apache_1.3.20' '--enable-ftp' '--enable-sockets' '--with-mcrypt'

The problem I am having is:

When using the code:

$cipher = md5($cipher); httpd crashes the current child process with:

[Fri Jun 29 10:54:49 2001] [notice] child pid 9766 exit signal Segmentation fault (11)
[Fri Jun 29 10:54:50 2001] [notice] child pid 9920 exit signal Segmentation fault (11)

The page then fails to load, returning nothing to the browser.

Also, I have another function called CleanSring($string);  which looks like:

function CleanString($string)
{
        $string = strip_tags($string);
        $string = preg_replace("/<\/?(html|head|meta|title|body|font|img|.jpg|.gif|.vbs|script|tr|table|text).*>/","",$string);
        $string = preg_replace("/<\/?(HTML|HEAD|META|TITLE|BODY|FONT|IMG|.JPG|.GIF|.VBS|SCRIPT|TR|TABLE|TEXT).*>/","",$string);
        $string = preg_replace("/<[^>]*>/","",$string);
        return $string;
}

Calling this function like:

$string = CleanString($string); causes the same problem.

Whats weird is I call md5() again below the problem code:

    $now = date("r");
    $thisID = md5(substr(makeID(), 0, 16));
    $onetimepass = substr(md5($thisID), 0, 8);

And neither of these causes the same problem, even when being used in the same document.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-06-30 05:10 UTC] derick@php.net

Can you please post your script as .txt file on the web, so that I can check how the $cipher is generated?
And is it possibly for you to make a backtrace of this crash (http://www.php.net/bugs-generating-backtrace.php) as I couldn't reproduce it.

Derick

[2001-06-30 21:52 UTC] joe at nowalls dot com

Update:

I have compiled php-4.0.6 with --enable-debug to try and get a backtrace, but when I do, the bug vanishes and the same code no longer crashed my httpd child process.. 

Here is some detailed info:

PHP 4.0.6 config line:
./configure  --with-mysql --with-gd --enable-track-vars --with-jpeg-dir=/usr/local/lib 
--enable-bcmath --with-apache=../apache_1.3.20 --enable-ftp --enable-sockets --with-mcrypt --enable-debug

and for Apache 1.3.20

EAPI_MM="../mm-1.1.3" \
SSL_BASE="../openssl-0.9.6a" \
./configure \
"--enable-module=ssl" \
"--with-layout=RedHat" \
"--activate-module=src/modules/php4/libphp4.a" \
"--enable-module=rewrite" \

The script that is causing this error is:
http://www.nerdnet.com/compose.phps

As you can see, a use submits a form, which is the source of $cipher, an alphanumeric string, which is then encrypted and other actions take place after.

I am not using the Zend Optimizer or anything unusual here at all... If I run the httpd thru gdb and reproduce the crash it gives me an error in shutdown_memory_manager() when it crashes, but not much else since the bug disappears when I compile in debug into PHP...  If any more info is needed let me know... Thanks PHP team, you guys rule!!!

Joe

[2001-07-01 06:45 UTC] derick@php.net

Hello,

with debug enabled, do you see any errors in either your httpd errorlog or in /var/log/zenderrors ?

Derick

[2001-07-01 12:14 UTC] joe at nowalls dot com

Derick,

Thanks I did not think to check there this time.  I see the following, even with the the $cipher = md5() and CleanString functions disabled:

[Sun Jul  1 09:11:55 2001]  Script:  '/home/nerdwww/compose.php'
---------------------------------------
mcrypt.c(1322) : Block 0x08429258 status:
Beginning:      OK (allocated on mcrypt.c:1252, 24 bytes)
      End:      Overflown (magic=0x35653364 instead of 0x2A8FCC84)
                At least 4 bytes overflown
---------------------------------------

Here are the calls I make using mcrypt outside of the compose.php script you have already seen:

http://www.nerdnet.com/functions.phps

Thanks again!

Joe

[2001-07-10 08:55 UTC] zeev@php.net

This should be fixed in the latest CVS - please let me know if the problem still occurs.

[2001-09-09 07:38 UTC] derick@php.net

No feedback, considered fixed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue May 06 09:01:28 2025 UTC