Bug #75862 PHP --disable-ipv6, curl --enable-ipv6
Submitted: 2018-01-23 17:16 UTC Modified: -
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dpa-bugs at aegee dot org Assigned:
Status: Open Package: cURL related
PHP Version: 7.1.13 OS: Linux
Private report: No CVE-ID: None
 [2018-01-23 17:16 UTC] dpa-bugs at aegee dot org
Description:
------------
When PHP is compiled with ./configure --disable-ipv6 and CURL supports IPv6, an implicit
  curl_setopt($connection, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);

must exist in ext/curl/. Otherwise php-fpm crashes until the above line is added to the <?php code.

Test script:
---------------
This is what valgrind reports:

==16016== Thread 2:
==16016== Use of uninitialised value of size 8
==16016==    at 0x964380C: __libc_res_nsearch (res_query.c:395)
==16016==    by 0x1A6108E1: ???
==16016==    by 0xDE1B13B: gaih_inet (getaddrinfo.c:870)
==16016==    by 0xDE1C85C: getaddrinfo (getaddrinfo.c:2426)
==16016==    by 0x858ABB3: Curl_getaddrinfo_ex (curl_addrinfo.c:124)
==16016==    by 0x85955B0: getaddrinfo_thread (asyn-thread.c:279)
==16016==    by 0x8592FBA: curl_thread_create_thunk (curl_threads.c:57)
==16016==    by 0xA272063: start_thread (pthread_create.c:309)
==16016==    by 0xDE2F62C: clone (clone.S:111)
==16016==  Uninitialised value was created by a stack allocation
==16016==    at 0x1A610859: ???
==16016== 
==16016== Invalid read of size 4
==16016==    at 0x964380C: __libc_res_nsearch (res_query.c:395)
==16016==    by 0x1A6108E1: ???
==16016==    by 0xDE1B13B: gaih_inet (getaddrinfo.c:870)
==16016==    by 0xDE1C85C: getaddrinfo (getaddrinfo.c:2426)
==16016==    by 0x858ABB3: Curl_getaddrinfo_ex (curl_addrinfo.c:124)
==16016==    by 0x85955B0: getaddrinfo_thread (asyn-thread.c:279)
==16016==    by 0x8592FBA: curl_thread_create_thunk (curl_threads.c:57)
==16016==    by 0xA272063: start_thread (pthread_create.c:309)
==16016==    by 0xDE2F62C: clone (clone.S:111)
==16016==  Address 0x2 is not stack'd, malloc'd or (recently) free'd
==16016== 
==16016== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==16016==  Access not within mapped region at address 0x2
==16016==    at 0x964380C: __libc_res_nsearch (res_query.c:395)
==16016==    by 0x1A6108E1: ???
==16016==    by 0xDE1B13B: gaih_inet (getaddrinfo.c:870)
==16016==    by 0xDE1C85C: getaddrinfo (getaddrinfo.c:2426)
==16016==    by 0x858ABB3: Curl_getaddrinfo_ex (curl_addrinfo.c:124)
==16016==    by 0x85955B0: getaddrinfo_thread (asyn-thread.c:279)
==16016==    by 0x8592FBA: curl_thread_create_thunk (curl_threads.c:57)
==16016==    by 0xA272063: start_thread (pthread_create.c:309)
==16016==    by 0xDE2F62C: clone (clone.S:111)
==16016==  If you believe this happened as a result of a stack
==16016==  overflow in your program's main thread (unlikely but
==16016==  possible), you can try to increase the size of the
==16016==  main thread stack using the --main-stacksize= flag.
==16016==  The main thread stack size used in this run was 8388608.
==16016== 


Patches

ext_curl_interface_c-7.3.patch (last revision 2021-10-23 16:47 UTC by dpa-bugs at aegee dot org)

History

 [2018-01-24 14:20 UTC] dpa-bugs at aegee dot org
Proposed patch:

--- php-7.1.13/ext/curl/interface.c.orig        2018-01-24 14:07:06.844000000 +0000
+++ php-7.1.13/ext/curl/interface.c     2018-01-24 14:15:23.436000000 +0000
@@ -1953,6 +1953,9 @@
 #endif
        curl_easy_setopt(ch->cp, CURLOPT_DNS_CACHE_TIMEOUT, 120);
        curl_easy_setopt(ch->cp, CURLOPT_MAXREDIRS, 20); /* prevent infinite redirects */
+#if !ENABLE_IPV6 && LIBCURL_VERSION_NUM >= 0x070a08 /* 7.10.8 */
+       curl_easy_setopt(ch->cp, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+#endif
 
        cainfo = INI_STR("openssl.cafile");
        if (!(cainfo && cainfo[0] != '\0')) {
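Review bot: the guard `#if !ENABLE_IPV6` on the new `curl_easy_setopt(ch->cp, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);` default also evaluates true when `ENABLE_IPV6` is simply not defined in this file, so unless that is exactly the macro PHP's configure defines for IPv6 support, every build is silently pinned to IPv4. Please confirm the macro name against the generated config header before relying on it. A short comment in the style of the `/* prevent infinite redirects */` note on the line above, saying that this default avoids the resolver crash from this report, would also tell the next reader why it exists.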
@@ -2310,6 +2313,12 @@
                case CURLOPT_MUTE:
 #endif
                        lval = zval_get_long(zvalue);
+#if !ENABLE_IPV6 && LIBCURL_VERSION_NUM >= 0x070a08 /* Available since 7.10.8 */
+                       if (option == CURLOPT_IPRESOLVE && lval == CURL_IPRESOLVE_V6) {
+                                       php_error_docref(NULL, E_WARNING, "CURL_IPRESOLVE_V6 cannot be activated as php is compiled without IPv6 support");
+                                       return 1;
+                       }
+#endif
 #if LIBCURL_VERSION_NUM >= 0x71304
                        if ((option == CURLOPT_PROTOCOLS || option == CURLOPT_REDIR_PROTOCOLS) &&
                                (PG(open_basedir) && *PG(open_basedir)) && (lval & CURLPROTO_FILE)) {
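Review bot: the new check rejects only `lval == CURL_IPRESOLVE_V6`, so a script can still set `CURLOPT_IPRESOLVE` to `CURL_IPRESOLVE_WHATEVER` and undo the IPv4 default added in the first hunk, which presumably leaves the crashing resolver path from the report reachable. On a build without IPv6, consider accepting only `CURL_IPRESOLVE_V4` for this option, or coercing any other value to it while emitting the warning. The body of the `if` is also indented one level deeper than the surrounding code, and `return 1;` should be checked against how the other rejected options in this switch report failure.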
 [2021-10-23 16:47 UTC] dpa-bugs at aegee dot org
The following patch has been added/updated:

Patch Name: ext_curl_interface_c-7.3.patch
Revision:   1635007624
URL:        https://bugs.php.net/patch-display.php?bug=75862&patch=ext_curl_interface_c-7.3.patch&revision=1635007624
 [2021-11-19 19:44 UTC] dpa-bugs at aegee dot org
See also https://github.com/php/php-src/pull/7669 .
 [2021-11-23 13:59 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: 7.4 — curl/interface.c: avoid crashing, when PHP is compiled without IPv6 support, and CURL has IPv6 support
On GitHub:  https://github.com/php/php-src/pull/7669
Patch:      https://github.com/php/php-src/pull/7669.patch
 
Last updated: Sat Nov 23 10:01:28 2024 UTC