php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15826 Crash when sending 'authenticate' header
Submitted: 2002-03-01 23:32 UTC Modified: 2002-05-13 00:00 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:2 (50.0%)
From: vomit1979 at hotmail dot com Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 4.1.1 OS: Windows, Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vomit1979 at hotmail dot com
New email:
PHP Version: OS:

 

 [2002-03-01 23:32 UTC] vomit1979 at hotmail dot com
I saw this reported about Linux a couple of times... I dared to report third time for I met with this bug on both Windows (98, 2000, XP) and Linux (RedHat 7.0, Mandrake 8.0) - apache child process crashes in PHP module about half of the time header("WWW-Authenticate...") is sent, if PHP is in 'Safe Mode'. I think it's a general PHP problem, not related to OS.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-02 00:16 UTC] rasmus@php.net
A backtrace of a core dump for this would be really helpful.  It sounds like something is going wrong in the realm mangling code which happens under safe mode in the sapi_add_header_ex() function in main/SAPI.c

If you can reliably reproduce it, build PHP using --enable-debug, run httpd -X under gdb and when you get the crash, type: bt

Send me that backtrace and I will have a shot at finding it.
 [2002-03-04 15:27 UTC] vomit1979 at hotmail dot com
Additional PHP crash on header('WWW-Authenticate') in safe mode info:

My configure command while getting backtrace was:

./configure --with-mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs --enable-xslt --with-xslt-sablot --with-zlib --with-iconv --enable-debug

though I probably could get segfault without all these extensions.


When compiled with debug, more info appears in apache error_log 
than simple 'child segfault':

[Mon Mar  4 09:54:02 2002]  Script:  '/usr/local/apache/htdocs/testzone/auth.php'
---------------------------------------
SAPI.c(505) : Block 0x404279DC status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
[Mon Mar  4 09:54:03 2002] [notice] child pid 32384 exit signal Segmentation fault (11)


And finally the backtrace I got under gdb with httpd -X:

(gdb) run -X
Starting program: /usr/local/apache/bin/httpd -X
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x40128ebc in memcpy () from /lib/libc.so.6


(gdb) bt
#0  0x40128ebc in memcpy () from /lib/libc.so.6
#1  0x00000054 in ?? ()
#2  0x401fdf79 in _mem_block_check (ptr=0x402f2a00, silent=1,
    __zend_filename=0x402f574d "SAPI.c", __zend_lineno=505,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:659
#3  0x401fce64 in _efree (ptr=0x402f2a00, __zend_filename=0x402f574d "SAPI.c",
    __zend_lineno=505, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at zend_alloc.c:224
#4  0x40231ba6 in sapi_add_header_ex (
    header_line=0x810afe4 Z <repeats 36 times>, "\204?\217*",
    header_line_len=35, duplicate=1 001, replace=1 001) at SAPI.c:505
#5  0x40286ad4 in zif_header (ht=1, return_value=0x810afa4, this_ptr=0x0,
    return_value_used=0) at head.c:56
#6  0x4020a18d in execute (op_array=0x810aec4) at ./zend_execute.c:1590
#7  0x4021b3f0 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#8  0x4022df42 in php_execute_script (primary_file=0xbffff360) at main.c:1307
#9  0x40228b7e in apache_php_module_main (r=0x80fc154, display_source_mode=0)
    at sapi_apache.c:90
#10 0x40229a6c in send_php (r=0x80fc154, display_source_mode=0,
    filename=0x80fdc44 "/usr/local/apache/htdocs/testzone/auth.php")
    at mod_php4.c:575
#11 0x40229ae5 in send_parsed_php (r=0x80fc154) at mod_php4.c:590
#12 0x0806c187 in ?? ()
#13 0x0808163b in ?? ()
#14 0x080816b0 in ?? ()
#15 0x08078652 in ?? ()
#16 0x08078824 in ?? ()
#17 0x08078998 in ?? ()
#18 0x08079040 in ?? ()
#19 0x080798cf in ?? ()
#20 0x400bf0de in __libc_start_main () from /lib/libc.so.6


Here PHP 4.1.1 was used with Apache 1.3.22 with mod_ssl 
(and all the patches it applies to Apache), 
all built from source with standart in that case options
under Mandrake Linux 8.0 'fresh' and quite 'full' installation. 
Mysql 3.23.46 was also present and working there, built from source.


The script used to crash PHP was the example script from PHP docs:

<?php
    if (!isset($PHP_AUTH_USER)) {
	header("www-authenticate:  realm=\"My Realm\"");
	header("HTTP/1.0 401 Unauthorized");
	echo "Text to send if user hits Cancel button\n";
	exit;
    } else {
	echo "<p>Hello $PHP_AUTH_USER.</p>";
	echo "<p>You entered $PHP_AUTH_PW as your password.</p>";
    }
?>

The same crash occured under Windows 2000, XP, and 98 with downloaded 
Apache and PHP binaries, from which no debug info could be extracted :)
 [2002-04-12 18:37 UTC] sniper@php.net
I can not reprocude this with PHP 4.2.0RC3 or latest CVS.
Please try the RC3 from: http://www.php.net/~derick/

 [2002-05-13 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 11:01:30 2024 UTC