php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18966 gethostbyaddr() crashes Apache on certain IPs
Submitted: 2002-08-19 11:07 UTC Modified: 2002-09-08 16:29 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: php at silisoftware dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.2.2 OS: Windows XP Home (NT5.1b2600)
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-08-19 11:07 UTC] php at silisoftware dot com 
gethostbyaddr() crashes Apache (v1.3.24) when looking up certain IPs. Example script:

echo gethostbyaddr('208.133.226.85');

Every other IP I've tried (so far about 40,000) didn't have any problems. I tried the above line on another server running PHP4.2.2, Apache v1.3.26 and some form of Linux (2.4.9-31) and that had no problems.

Probably related: the Windows port of Webalizer crashes when performing DNS lookups on the same line of the log file, so I suspect it's something to do with DNS lookups in Windows (?).

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-08-19 11:21 UTC] edink@php.net 
This is most likely a bug in your system. I run your script on a Windows 2000 machine and it worked just fine. It simply printed '208.133.226.85'.
 [2002-08-19 12:01 UTC] msopacua at idg dot nl 
This does have a very suspicious nameserver:
For authoritative answers, see:
mitsui.com      3600 IN SOA     nyc0x001.mitsui.com amonty.nyc.mitsui.com(
                        130     ;serial (version)
                        3600    ;refresh period
                        600     ;retry refresh this often
                        86400   ;expiration period
                        3600    ;minimum TTL
                        )

nyc0x001

But indeed - if Webalizer freaks out, the bug is probably in XP. You may have stumbled upon something really nice here.
 [2002-08-19 12:49 UTC] php at silisoftware dot com 
Analog seems to have suffered a similar problem until v5.2:

http://www.analog.cx/bugs.html
"Analog occasionally crashes under Windows XP when doing DNS lookups, if the host returns a malformed response."

If this is a similar case to what I'm experiencing, there's no way I can filter out IPs that'll crash my system, but shouldn't PHP be able to check for a properly formed response during the gethostbyaddr() function?
 [2002-08-29 11:04 UTC] php at silisoftware dot com 
Webalizer's latest version appears to deal with this issue- it no longer crashes on malformed responses.

Microsoft insists that it's a problem with the 3rd-party programs and not XP itself.

So given that Analog and Webalizer both used to suffer from this problem, yet both managed to code around it and be XP-compatible, I still think that it should be possible to put some checks in PHP to prevent it crashing the webserver.
 [2002-08-29 11:44 UTC] iliaa@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 [2002-09-08 16:29 UTC] php at silisoftware dot com 
Confirmed fixed in PHP v4.2.3
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 07:01:31 2024 UTC