php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #6938 --enable-force-cgi-redirect causes sig11 (see bug id 3010)
Submitted: 2000-09-29 06:43 UTC Modified: 2000-12-07 11:44 UTC
From: tog at tog dot net Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0.3pl1 OS: FreeBSD 3.5-STABLE
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tog at tog dot net
New email:
PHP Version: OS:

 

 [2000-09-29 06:43 UTC] tog at tog dot net 
Problem from bug id 3010 still occurs with php 4.0.2.

Compile php 4.0.2 with --enable-force-cgi-redirect.
Attempt to access /cgi-bin/php directly.

Instead of spitting out the security alert, php cores.

Here's the updated full backtrace for php 4.0.2:

(gdb) bt full
#0  0x0 in ?? ()
No symbol table info available.
#1  0x80c2fa4 in php_body_write (
    str=0x812c430 "<b>Security Alert!</b>  PHP CGI cannot be accessed directly.\n\n<P>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\nmeans that a page will only be served up if the REDIRECT_STATUS"..., 
    str_length=933) at output.c:81
No locals.
#2  0x80644cb in main (argc=1, argv=0xbfbfda54) at cgi_main.c:439
        exit_status = 0
        cgi = 1
        c = -1077945660
        i = -1077945764
        len = -1077945660
        file_handle = {type = 125 '}', filename = 0x28164000 "z?P?\001", 
  opened_path = 0xa88 <Address 0xa88 out of bounds>, handle = {
    fd = -1077945780, fp = 0xbfbfda4c}, free_filename = 184 '?'}
        s = 0xbfbfda54 "@ۿ?"
        cgi_started = 0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        argv0 = 0x0
        global_vars = {head = 0x281664a0, tail = 0xbfbfda5c, size = 1, 
  dtor = 0xbfbfda54, persistent = 0 '\000', traverse_ptr = 0xbfbfda4c}
        interactive = 0
#3  0x8064041 in _start ()
No symbol table info available.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-01 02:25 UTC] andi@php.net 
Please check 4.0.3pl1 and let us know if it's fixed.
 [2000-11-01 03:18 UTC] tog at tog dot net 
Sorry, no change.
By the way, see http://www.tradeok.org/test.php if you want to see phpinfo()

(gdb) bt full
#0  0x0 in ?? ()
No symbol table info available.
#1  0x80c45dc in php_body_write (
    str=0x8130eba "<b>Security Alert!</b>  PHP CGI cannot be accessed directly.\n\n<P>This PHP CGI binary was compiled with force-cgi-redirect enabled.  This\nmeans that a page will only be served up if the REDIRECT_STATUS"..., 
    str_length=933) at output.c:82
No locals.
#2  0x8064554 in main (argc=1, argv=0xbfbfda38) at cgi_main.c:443
        exit_status = 0
        cgi = 1
        c = -1077945684
        i = -1077945792
        len = -1077945684
        file_handle = {type = 125 '}', filename = 0x2816b000 "z?P?\001", 
  opened_path = 0xa88 <Address 0xa88 out of bounds>, handle = {
    fd = -1077945808, fp = 0xbfbfda30}, free_filename = 184 '?'}
        s = 0xbfbfda38 "(ۿ?"
        cgi_started = 0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        argv0 = 0x0
        global_vars = {head = 0x2816d4a0, tail = 0xbfbfda40, size = 1, 
  dtor = 0xbfbfda38, persistent = 0 '\000', traverse_ptr = 0xbfbfda30}
        interactive = 0
#3  0x80640c5 in _start ()
No symbol table info available.
 [2000-12-07 11:44 UTC] sniper@php.net 
Reopen, if this still happens when using latest snapshot
from http://snaps.php.net/

--Jani
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 12:01:33 2025 UTC