|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40079 php_get_current_user() not thread safe
Submitted: 2007-01-09 17:58 UTC Modified: 2007-01-09 23:27 UTC
From: wharmby at uk dot ibm dot com Assigned: iliaa (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2007-01-09 (snap) OS: Linux RHEL4
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: wharmby at uk dot ibm dot com
New email:
PHP Version: OS:


 [2007-01-09 17:58 UTC] wharmby at uk dot ibm dot com
The current implementation of php_get_current_user() uses 
the non-reentrant getpwuid() rather than the reentrant 
getpwuid_r(). Therefore issuing on Linux in a ZTS enabled 
build could lead to unpredictable/undesirable results. the code should use the re-entrant version if it is available.

The following patch which were built against the latest 
snapshot (Jan 9 2007, 1330 GMT)  modifies the code in 
main/safe_mode.c to use the re-entrant getpwuid_r if its 

Following makes necessary associated change to

Fix tested on Linux RHEL with mysql extension enabled and 
sql.safe_mode=On in php.ini. The modified code can then easily be invoked by issuing mysql_connect().

Reproduce code:
Problem found by code inspection. As with most thread safety
issues difficult to produce a simple testcase which will show a reproducible crash but current Linux executable is clearly not reentrant.

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-09 23:27 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Sep 24 18:01:24 2023 UTC