php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25597 pfsockopen --> crash
Submitted: 2003-09-18 16:46 UTC Modified: 2003-12-20 15:21 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dietrich dot ayala at foundstone dot com Assigned: wez
Status: Closed Package: Reproducible crash
PHP Version: 4.3.5-dev OS: any
Private report: No CVE-ID:
 [2003-09-18 16:46 UTC] dietrich dot ayala at foundstone dot com
Description:
------------
first time loading the reproduction script works fine. subsequent reloads will first cause php.exe to crash (The instruction at "0x100108b4" referenced memory at "0x00000000". The memory could not be "read".), then once I hit OK on that alert, I'll get a "Server Error, unable to connect to fastcgi server." error in the browser. 

We've found that this error text is in the FastCGI source. It looks like maybe php crashes, then fastcgi attempts to access a php thread that has gone bye-bye, and throws that error. So there may be 2 issues: what's causing the original php crash, and then the fastcgi problem.

Here's how to repro:

- environment: win2k, IIS, FastCGI, PHP 4.3.2/.3 (I repro'd w/ both)
- set up a test script, such as a phpinfo script
- configure the repro script to hit your host, port, path_to_test_script and load it, then hit refresh (sometimes, I'll have to restart w3svc to be able to repro the bug)

notes:
- this does not occur if using fsockopen, only with pfsockopen
- i could not reproduce this with windows XP, only windows 2000 (both server and professional)


Reproduce code:
---------------
http://dietrich.ganx4.com/phpbug_iis.phps

Expected result:
----------------
it should output the URL it's attempting to connect to.

Actual result:
--------------
first time loading the reproduction script works fine. subsequent reloads will first cause php.exe to crash (The instruction at "0x100108b4" referenced memory at "0x00000000". The memory could not be "read".), then once I hit OK on that alert, I'll get a "Server Error, unable to connect to fastcgi server." error in the browser. 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-19 13:58 UTC] dietrich dot ayala at foundstone dot com
My apologies for leaving out an important detail:

This only occurrs when using SSL. I cannot reproduce this issue using unencrypted communication.

Since there still exists a problem with dynamically linking OpenSSL in the 4.x tree, I have asked EdinK to compile a new php4ts.dll with OpenSSL. Once that's available, I'll test using the latest.

Thanks!
 [2003-09-24 05:15 UTC] edink@php.net
This is the latest ssl enabled build:

ftp://ftp.proventum.net/pub/php/win32/misc/openssl/php-4.3.4-dev-ssl.zip

 [2003-09-24 13:42 UTC] dietrich dot ayala at foundstone dot com
Thanks Edin.

I've updated to the latest stable Windows build, and applied Edin's patched php4ts.dll.

The example script I gave still reproduces the crash.

The text of the Application Error alert is:
The instruction at "0x100108b4" referenced memory at "0x00000000'. The memory could not be "read".

Then, as before, I get the FastCGI error:
Server Error, unable to connect to fastcgi server.

Thanks for any help in fixing this!
 [2003-12-20 15:21 UTC] wez@php.net
This was a general problem when expiring an existing
persistent socket; the persistent-list entry was not
correctly removed and this lead to double-free'ing
of that stream when the new entry replaced it.

Fixed in CVS.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC