php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #46695 fread for ssh2 streams core dumps for non-blocking channels
Submitted: 2008-11-27 09:57 UTC Modified: 2008-11-28 12:31 UTC
From: borchinfolab at gmail dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.3CVS-2008-11-27 (snap) OS: FC9
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2008-11-27 09:57 UTC] borchinfolab at gmail dot com 
Description:
------------
fread() fails (core dumps) for ssh2 streams.

I have checked the libssh2 library by writing a small C program, and it seems to handle non-blocking channels correct.

The stream read command (libssh2_channel_read_ex) does return -37 for non-blocking channels where there are no pending bytes. This "error" might be reason for the core dump? 

Not sure if the correct place to fix this is in the fread() function or the php_ssh2_channel_stream_read() function by preventing it from returning a negative number (libssh2).

The ssh2 pecl package does not compile under php 5.3 (I belive this is a error in the package and not in php-headers - I've managed to fix this though, so it does compile)


Reproduce code:
---------------
#!/usr/bin/php
<?php

$connection = ssh2_connect(SERVER_NAME, 22, array('hostkey'=>'ssh-rsa'));
if(ssh2_auth_pubkey_file($connection, USERNAME, ID_PUB, ID_RSA, '')) {
   $stream = ssh2_exec($connection, "ps -elf");
   # stream_set_blocking($stream, false); THIS DOSN'T WORK
   stream_set_blocking($stream, true); // THIS WORKS

   while(!feof($stream)) {
      $buf = fread($stream, 1024);
      echo ">$buf\n";
   }
}

?>

Expected result:
----------------
No core dump

Actual result:
--------------
Core dump

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-27 10:11 UTC] borchinfolab at gmail dot com 
I actually changed the php_ssh2_channel_stream_read() function in ssh2-0.10:

static size_t php_ssh2_channel_stream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
{
   php_ssh2_channel_data *abstract = (php_ssh2_channel_data*)stream->abstract;

   stream->eof = libssh2_channel_eof(abstract->channel);
   libssh2_channel_set_blocking(abstract->channel, abstract->is_blocking);
   int res = libssh2_channel_read_ex(abstract->channel, abstract->streamid, buf, count);
   return(res < 0 ? 0 : res);
}

It might still be an error in fread though - it should perhaps ensure that return values are postive ints?
 [2008-11-28 12:31 UTC] jani@php.net 
This is wrong place to report bugs in PECL extension. Here's the correct place: http://pecl.php.net/bugs/report.php?package=ssh2
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat May 18 18:01:32 2024 UTC