php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15501 header call crashes PHP as Apache module
Submitted: 2002-02-11 08:05 UTC Modified: 2002-02-11 08:39 UTC
From: webmaster at sdu dot dk Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.1.1 OS: RH Linux 7.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: webmaster at sdu dot dk
New email:
PHP Version: OS:

 

 [2002-02-11 08:05 UTC] webmaster at sdu dot dk
This script crashes my installation of Apache 1.3.22 with PHP 4.1.1 as module:

<?php 
  //$link = mysql_connect("<host>", "<id>", "<pw>");
  
  if (!isset($PHP_AUTH_USER)) {
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Please login\n";
    exit;
  } else {
    echo "<p>Hello $PHP_AUTH_USER.</p>";
  }
?>

When I remove the un-comment the line //$link = ... (and substitutes my MySQL server, id and passwd), Apache does not crash. The script correctly asks for login, however, the realm name is displayed as "My Realm-507".

All settings on the server can be seen at this phpInfo-page:
http://www3.sdu.dk/phpInfo.php

Apache logs this when crashing:
[Mon Feb 11 13:12:04 2002]  Script:  '/home/web/test/adgang3.php'
---------------------------------------
SAPI.c(505) : Block 0x08197B3C status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
[Mon Feb 11 13:12:05 2002] [notice] child pid 7617 exit signal Segmentation fault (11)

Apache refuses to produce a core dump, but trace from gdb follows here:

(gdb) run -X
Starting program: /etc/httpd/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4020a07c in memcpy () from /lib/i686/libc.so.6

bt from gdb:
(gdb) bt
#0  0x4020a07c in memcpy () from /lib/i686/libc.so.6
#1  0x081d0ccc in zval_used_for_init ()
#2  0x0810b8f9 in _mem_block_check (ptr=0x8197b60, silent=1, __zend_filename=0x81742e9 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:659
#3  0x0810aacb in _efree (ptr=0x8197b60, __zend_filename=0x81742e9 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:224
#4  0x0806c4bc in sapi_add_header_ex (header_line=0x823de4c 'Z' <repeats 41 times>, "\204?\217*", 
    header_line_len=40, duplicate=1 '\001', replace=1 '\001') at SAPI.c:505
#5  0x080b91de in zif_header (ht=1, return_value=0x823de0c, this_ptr=0x0, return_value_used=0) at head.c:56
#6  0x0813e437 in execute (op_array=0x823dd24) at ./zend_execute.c:1590
#7  0x0811b8f2 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at zend.c:814
#8  0x080695ba in php_execute_script (primary_file=0xbffff710) at main.c:1307
#9  0x08126c22 in apache_php_module_main (r=0x82380f4, display_source_mode=0) at sapi_apache.c:90
#10 0x08065d14 in send_php ()
#11 0x08065d6d in send_parsed_php ()
#12 0x08148203 in ap_invoke_handler ()
#13 0x0815c3e3 in process_request_internal ()
#14 0x0815c444 in ap_process_request ()
#15 0x081538ad in child_main ()
#16 0x08153a58 in make_child ()
#17 0x08153bcc in startup_children ()
#18 0x08154244 in standalone_main ()
#19 0x08154a97 in main ()
#20 0x4019d627 in __libc_start_main (main=0x8154700 <main>, argc=2, ubp_av=0xbffffb44, init=0x8063594 <_init>, 
    fini=0x81726f0 <_fini>, rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffffb3c)
    at ../sysdeps/generic/libc-start.c:129

Any ideas?

Sven M. Sorensen
University of Southern Denmark

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-11 08:10 UTC] webmaster at sdu dot dk
This script crashes my installation of Apache 1.3.22 with PHP 4.1.1 as module:

<?php 
  //$link = mysql_connect("<host>", "<id>", "<pw>");
  
  if (!isset($PHP_AUTH_USER)) {
    header("WWW-Authenticate: Basic realm=\"My Realm\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Please login\n";
    exit;
  } else {
    echo "<p>Hello $PHP_AUTH_USER.</p>";
  }
?>

When I un-comment the line //$link = ... (and substitutes my MySQL server, id and passwd), Apache does not crash. The script correctly asks for login; however, the realm name is displayed as "My Realm-507".

All settings on the server can be seen at this phpInfo-page:
http://www3.sdu.dk/phpInfo.php

Apache logs this when crashing:
[Mon Feb 11 13:12:04 2002]  Script:  '/home/web/test/adgang3.php'
---------------------------------------
SAPI.c(505) : Block 0x08197B3C status:
Beginning:      Overrun (magic=0x00000000, expected=0x7312F8DC)
[Mon Feb 11 13:12:05 2002] [notice] child pid 7617 exit signal
Segmentation fault (11)

Apache refuses to produce a core dump, but trace from gdb follows here:

(gdb) run -X
Starting program: /etc/httpd/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4020a07c in memcpy () from /lib/i686/libc.so.6

bt from gdb:
(gdb) bt
#0  0x4020a07c in memcpy () from /lib/i686/libc.so.6
#1  0x081d0ccc in zval_used_for_init ()
#2  0x0810b8f9 in _mem_block_check (ptr=0x8197b60, silent=1,
__zend_filename=0x81742e9 "SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:659
#3  0x0810aacb in _efree (ptr=0x8197b60, __zend_filename=0x81742e9
"SAPI.c", __zend_lineno=505, 
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at zend_alloc.c:224
#4  0x0806c4bc in sapi_add_header_ex (header_line=0x823de4c 'Z' <repeats
41 times>, "\204?\217*", 
    header_line_len=40, duplicate=1 '\001', replace=1 '\001') at
SAPI.c:505
#5  0x080b91de in zif_header (ht=1, return_value=0x823de0c,
this_ptr=0x0, return_value_used=0) at head.c:56
#6  0x0813e437 in execute (op_array=0x823dd24) at ./zend_execute.c:1590
#7  0x0811b8f2 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at zend.c:814
#8  0x080695ba in php_execute_script (primary_file=0xbffff710) at
main.c:1307
#9  0x08126c22 in apache_php_module_main (r=0x82380f4,
display_source_mode=0) at sapi_apache.c:90
#10 0x08065d14 in send_php ()
#11 0x08065d6d in send_parsed_php ()
#12 0x08148203 in ap_invoke_handler ()
#13 0x0815c3e3 in process_request_internal ()
#14 0x0815c444 in ap_process_request ()
#15 0x081538ad in child_main ()
#16 0x08153a58 in make_child ()
#17 0x08153bcc in startup_children ()
#18 0x08154244 in standalone_main ()
#19 0x08154a97 in main ()
#20 0x4019d627 in __libc_start_main (main=0x8154700 <main>, argc=2,
ubp_av=0xbffffb44, init=0x8063594 <_init>, 
    fini=0x81726f0 <_fini>, rtld_fini=0x4000dcc4 <_dl_fini>,
stack_end=0xbffffb3c)
    at ../sysdeps/generic/libc-start.c:129

Any ideas?

Sven M. Sorensen
University of Southern Denmark
 [2002-02-11 08:39 UTC] sesser@php.net
This bug has been fixed in CVS.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Dec 06 08:01:24 2019 UTC