php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39754 Some POSIX extension functions not thread safe
Submitted: 2006-12-06 14:26 UTC Modified: 2006-12-07 01:41 UTC
From: wharmby at uk dot ibm dot com Assigned: iliaa
Status: Closed Package: Unknown/Other Function
PHP Version: 5CVS-2006-12-06 (snap) OS: Linux RHEL4
Private report: No CVE-ID:
 [2006-12-06 14:26 UTC] wharmby at uk dot ibm dot com
Description:
------------
The current implementation of the following POSIX extension
functions calls non-reentrant functions as follows:

   posix_ttynamee uses ttyname
   posix_getpwnam uses getpwnam
   posix_getgrnam uses getgrnam 

and therefore not thread safe. This will lead to unexpected 
behaviour when used in ZTS enabled builds. 

In all cases there are re-entrant versions of these functions available on *nix systems, namely ttyname_r 
getpwnam_r and getgrnam_r which should be used instead in order to ensure thread safety.

The following patch, which was built against the latest snapshot (Dec 6th, 2006, 1130 GMT) modifies the code in 
ext/posix/posix.c to use the reentrant versions of these 
functions:

    http://pastebin.ca/269334

The following patch makes the necessary modification to the 
configure.in file to support the above change:

    http://pastebin.ca/269335
	

Andy Wharmby
IBM United Kingdom Limited


Reproduce code:
---------------
Problem found by code inspection. As with most thread safety
issues difficult to produce a simple testcase which will show 
a reproducible crash but current Linux executable is clearly not reentrant as it stands.

Expected result:
----------------
N/A

Actual result:
--------------
N/A

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-12-07 01:41 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 10:02:09 2014 UTC