Bug #40098 php_fopen_primary_script() not thread safe
Submitted: 2007-01-11 11:59 UTC Modified: 2007-01-12 14:35 UTC
From: wharmby at uk dot ibm dot com Assigned: iliaa (profile)
Status: Closed Package: Streams related
PHP Version: 5CVS-2007-01-11 (snap) OS: Linux RHEL4
Private report: No CVE-ID: None
 [2007-01-11 11:59 UTC] wharmby at uk dot ibm dot com
Description:
------------
The current implementation of php_fopen_primary_script()
uses the non-reentrant getpwnam() rather than the re-entrant
getpwnam_r(). Therefore calling it on a Linux ZTS enabled 
build could lead to unpredictable/undesirable results. The 
code should use the re-entrant version if it is available.

The following patch, which was built against the latest snapshot (Jan 11 2007, 0730 GMT), modifies the code in
main/fopen_wrappers.c to use the re-entrant getpwnam_r if
it's available:

	http://pastebin.ca/312969

Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in php.ini. The modified code was then driven by specifying the ~user_id in the URL, e.g.

      http://localhost/~andy/phpinfo.php


Reproduce code:
---------------
Problem found by code inspection. As with most thread safety
issues it is difficult to produce a simple testcase which will show
a reproducible crash, but the current Linux executable is clearly
not reentrant and therefore not thread safe.

Expected result:
----------------
N/A

Actual result:
--------------
N/A

 [2007-01-12 01:46 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2007-01-12 08:57 UTC] wharmby at uk dot ibm dot com
Hi Ilia
	Thanks for applying the fix for this defect.
However, in adjusting the fix to deal with the SYSCONF 
errors I believe you have introduced a storage leak.
The code as it stands does not free "pwbuf" if the call to getpwnam_r is successful after it has finished extracting the data from it.

Here is a patch for the missing code built against latest
snapshot for 5.2:

     http://www.pastebin.ca/313940


Regards
	Andy
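The report and the follow-up describe three things the fixed code has to get right: call getpwnam_r instead of getpwnam, size its scratch buffer from sysconf(_SC_GETPW_R_SIZE_MAX) with a fallback when that fails and a retry on ERANGE, and free the buffer on the success path as well as the failure paths. The block below is an added example written for this page; it is not the pastebin patch (whose contents are not reproduced here) and not PHP's main/fopen_wrappers.c. The function names (lookup_home, parse_tilde_user, build_user_dir_path, resolve_primary_script), the 1 MiB growth cap and the user_dir value "public_html" are assumptions chosen for the example; the user-name filter is an extra check a reviewer would want, not something the report discusses.

```c
/* Added example, not PHP's code: a reentrant stand-in for the getpwnam()
 * lookup in php_fopen_primary_script(), with the sysconf fallback, the
 * ERANGE retry and the scratch buffer freed on every exit path. */
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum pw_status { PW_FOUND, PW_NOT_FOUND, PW_ERROR };

/* sysconf may return -1 when no limit is defined (the "SYSCONF errors"
 * in the thread); fall back to a fixed size instead of malloc(-1). */
static size_t initial_pw_buf_size(void)
{
    long n = sysconf(_SC_GETPW_R_SIZE_MAX);
    return (n > 0) ? (size_t)n : 1024;
}

/* Thread-safe home-directory lookup. pw_dir is copied into the
 * caller-owned buffer so pwbuf can be freed before returning. */
static enum pw_status lookup_home(const char *name, char *home, size_t homesz)
{
    size_t bufsz = initial_pw_buf_size();
    const size_t max_bufsz = 1u << 20;   /* assumed cap: do not grow without bound */
    struct passwd pw, *result = NULL;

    for (;;) {
        char *pwbuf = malloc(bufsz);
        if (pwbuf == NULL)
            return PW_ERROR;
        int rc = getpwnam_r(name, &pw, pwbuf, bufsz, &result);
        if (rc == ERANGE && bufsz < max_bufsz) {
            free(pwbuf);                 /* buffer too small: grow and retry */
            bufsz *= 2;
            continue;
        }
        enum pw_status st;
        if (rc != 0 || result == NULL) {
            /* glibc reports "no such user" as rc == 0 with result == NULL;
             * some libcs return ENOENT/ESRCH. Anything else is a real error. */
            st = (rc == 0 || rc == ENOENT || rc == ESRCH) ? PW_NOT_FOUND : PW_ERROR;
        } else if (strlen(pw.pw_dir) >= homesz) {
            st = PW_ERROR;               /* caller's buffer cannot hold pw_dir */
        } else {
            memcpy(home, pw.pw_dir, strlen(pw.pw_dir) + 1);
            st = PW_FOUND;
        }
        free(pwbuf);                     /* the leak from the follow-up: free on success too */
        return st;
    }
}

/* Split "/~user/rest" into the user name and the remaining path.
 * Returns 0 on success, -1 if the path has another form or the name
 * is outside a conservative alphabet (rejects ".", "..", "/" and NUL tricks). */
static int parse_tilde_user(const char *path, char *user, size_t usz, const char **rest)
{
    if (path == NULL || path[0] != '/' || path[1] != '~')
        return -1;
    const char *start = path + 2;
    const char *end = strchr(start, '/');
    size_t len = end ? (size_t)(end - start) : strlen(start);
    if (len == 0 || len >= usz || start[0] == '.')
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)start[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return -1;
    }
    memcpy(user, start, len);
    user[len] = '\0';
    *rest = end ? end : "";
    return 0;
}

/* Compose <home>/<user_dir><rest>, the file the engine would open. */
static int build_user_dir_path(const char *home, const char *user_dir,
                               const char *rest, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s/%s%s", home, user_dir, rest);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* End to end: "/~andy/phpinfo.php" + user_dir -> script path, or -1. */
static int resolve_primary_script(const char *uri, const char *user_dir,
                                  char *out, size_t outsz)
{
    char user[64], home[512];
    const char *rest;
    if (parse_tilde_user(uri, user, sizeof user, &rest) != 0)
        return -1;
    if (lookup_home(user, home, sizeof home) != PW_FOUND)
        return -1;
    return build_user_dir_path(home, user_dir, rest, out, outsz);
}

int main(int argc, char **argv)
{
    char path[1024];
    const char *uri = argc > 1 ? argv[1] : "/~andy/phpinfo.php";   /* constructed sample */
    if (resolve_primary_script(uri, "public_html", path, sizeof path) == 0)
        printf("%s -> %s\n", uri, path);
    else
        printf("%s -> (no such user or invalid path)\n", uri);
    return 0;
}
```

Run as ./a.out /~yourname/index.php; the name is only ever passed to getpwnam_r, and the filesystem path is built from the pw_dir that comes back, never from the request text itself.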
 [2007-01-12 09:10 UTC] tony2001@php.net
Fixed in CVS, thanks.
 [2007-01-12 14:26 UTC] wharmby at uk dot ibm dot com
Sorry, but having now picked up the latest snapshot (Jan 12 2007, 1330 GMT) and tried to rebuild it on Linux, I get 2 compile errors in fopen_wrappers.c and safe_mode.c after the changes dropped under this defect.

Required patch for fopen_wrappers.c is
  http://www.pastebin.ca/314159

and for safe_mode.c 
  http://www.pastebin.ca/314162
 
Regards

    Andy
 [2007-01-12 14:35 UTC] bjori@php.net
Fixed in CVS, thanks :)
 [2007-01-12 14:35 UTC] tony2001@php.net
The typo was fixed earlier, the missing var declaration is now fixed too.
 [2007-01-12 14:35 UTC] wharmby at uk dot ibm dot com
Correction: safe_mode.c already fixed in 1330 GMT snap; just the error in fopen_wrappers.c remains.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 14:01:29 2024 UTC