php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33520 crash if safe_mode is on and session.save_path is changed
Submitted: 2005-06-30 15:02 UTC Modified: 2005-07-04 14:47 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dexter at debian dot org Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2005-06-30 (dev) OS: Debian
Private report: No CVE-ID:
 [2005-06-30 15:02 UTC] dexter at debian dot org
Description:
------------
apache2 
safe_mode = On 
 
<Directory /www> 
php_admin_value session.save_path '/www/tmp' 
</Directory> 
 

Reproduce code:
---------------
<? print "hello"; ?>

Expected result:
----------------
hello 

Actual result:
--------------
500 Server closed connection without sending any data 
back500 Server closed connection without sending any data 
back 
 
(gdb) bt  
#0  php_apache_sapi_get_stat ()  
at /tmp/php5/php5-5.0.4/sapi/apache2handler/sapi_apache2.c:175  
#1  0x40a93ba6 in sapi_get_stat ()  
at /tmp/php5/php5-5.0.4/main/SAPI.c:857  
#2  0x40a54b0b in php_statpage ()  
at /tmp/php5/php5-5.0.4/ext/standard/pageinfo.c:68  
#3  0x40a54b6b in php_getuid ()  
at /tmp/php5/php5-5.0.4/ext/standard/pageinfo.c:94  
#4  0x40a9098f in php_checkuid_ex (  
    filename=0x86af3e4  
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",  
fopen_mode=0x0, mode=3,  
    flags=0) at /tmp/php5/php5-5.0.4/main/safe_mode.c:152  
#5  0x40a90c55 in php_checkuid (filename=0x86af3e4  
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",  
    fopen_mode=0x0, mode=3)  
at /tmp/php5/php5-5.0.4/main/safe_mode.c:193  
#6  0x40a12b64 in OnUpdateSaveDir (entry=0x867ec20,  
    new_value=0x86af3e4  
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",  
new_value_length=41,  
    mh_arg1=0x0, mh_arg2=0x40b309e0, mh_arg3=0x0,  
stage=16)  
    at /tmp/php5/php5-5.0.4/ext/session/session.c:137  
#7  0x40acf94d in zend_alter_ini_entry (name=0x838a150  
"session.save_path", name_length=18,  
    new_value=0x82ba778  
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",  
new_value_length=41,  
    modify_type=4, stage=16)  
at /tmp/php5/php5-5.0.4/Zend/zend_ini.c:233  
#8  0x40aed48d in apply_config (dummy=0x82ba518)  
     
at /tmp/php5/php5-5.0.4/sapi/apache2handler/apache_config.c:169  
#9  0x40aec962 in php_handler (r=0x86a9368)  
     
at /tmp/php5/php5-5.0.4/sapi/apache2handler/sapi_apache2.c:465  
#10 0x080783a5 in ap_run_handler ()  
#11 0x080789b0 in ap_invoke_handler ()  
#12 0x08069c9a in ap_process_request ()  
#13 0x0806512d in _start ()  
#14 0x086a9368 in ?? ()  
#15 0x00000004 in ?? ()  
#16 0x086a9368 in ?? ()  
#17 0x4085bd80 in modperl_process_connection_handler ()  
from /usr/lib/apache2/modules/mod_perl.so  
#18 0x080835f5 in ap_run_process_connection ()  
#19 0x080769a4 in ap_graceful_stop_signalled ()  
  

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-04 14:47 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_0.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 23:01:58 2014 UTC