php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59371 Segmentation fault while setting ConsumerHandler to OAuthProvider
Submitted: 2010-08-17 13:21 UTC Modified: 2011-01-15 12:10 UTC
From: raj at elance dot com Assigned:
Status: No Feedback Package: oauth (PECL)
PHP Version: 5.2.0 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-08-17 13:21 UTC] raj at elance dot com
Description:
------------
To Reproduce: 

install v1.0.0 OAuth extension
Copy the Sample Code for oAuth provider from http://svn.php.net/viewvc/pecl/oauth/trunk/examples/provider/ under your web root and access request_token.php 

you should see a segmentation fault in the server logs. 

wget -kv "https://dev2:7002/oauth/request_token.php"



Reproduce code:
---------------
<?php
include('common.inc.php');

try {
	$provider = new OAuthProvider($params);

	/* the endpoint which issues a request token is special, it doesn't take an oauth_token and hence there's no call to the tokenHandler() */
	$provider->isRequestTokenEndpoint(true);

	/* OAuthProvider will call this callback with the $provider object as an argument, you can throw errors from that handler and set the $provider->consumer_key if all is good */
	$provider->consumerHandler('lookupConsumer');

	/* similar to consumerHandler, throw errors related to the timestamp/nonce in this callback */
	$provider->timestampNonceHandler('timestampNonceChecker');

	/* this is the meat of request authorization, the first argument is the URL of this endpoint as the outside world sees it
	 * the optional second argument is the HTTP method, GET, POST, etc ... the provider will try to detect this via $_SERVER["REQUEST_METHOD"] (usually reliable) when it's not set */
	$provider->checkOAuthRequest("http://localhost/request_token.php", PHP_SAPI=="cli" ? OAUTH_HTTP_METHOD_GET : NULL);

} catch (OAuthException $E) {

	/* when you catch OAuthException and echo OAuthProvider::reportProblem with it, you'll get the problem reporting extension described here:
	 * http://wiki.oauth.net/ProblemReporting for free, it also sets the most appropriate HTTP response code */
	echo OAuthProvider::reportProblem($E);
}

Expected result:
----------------
code returns a request_token and secret

Actual result:
--------------
Segmentation fault on server and an empty result to client.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-08-18 16:23 UTC] jawed@php.net
Does this happen for you in trunk?

- JJ
 [2010-08-19 12:44 UTC] raj at elance dot com
Hi Jawed, 

We tried downloading the files from the trunk and replacing 
the files downloaded for 1.0.0 and  compiling, it does not 
compile, not sure what I am missing. 

How do I configure/compile files directly from the trunk?

Thanks
Raj
 [2010-08-19 16:25 UTC] jawed@php.net
Can you give us the configuration/compile errors?

- JJ
 [2010-08-19 16:42 UTC] raj at elance dot com
Here it is:

pwd=/local/home/dev/temp/trunk
 
root@dev2>cp * /var/tmp/pear/cache/oauth-1.0.0
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/config.m4'? y
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/config.w32'? 
y
cp: omitting directory `examples'
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/LICENSE'? y
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/oauth.c'? y
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/php_oauth.h'? 
y
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/provider.c'? 
y
cp: overwrite `/var/tmp/pear/cache/oauth-1.0.0/provider.h'? 
y
cp: omitting directory `tests'
root@dev2>./configure
checking for egrep... grep -E
checking for a sed that does not truncate output... /bin/sed
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking whether gcc and cc understand -c and -o together... 
yes
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php -
I/usr/include/php/main -I/usr/include/php/TSRM -
I/usr/include/php/Zend -I/usr/include/php/ext -
I/usr/include/php/ext/date/lib
checking for PHP extension directory... 
/usr/lib/php/extensions/no-debug-non-zts-20060613
checking for PHP installed headers prefix... 
/usr/include/php
checking for re2c... no
configure: WARNING: You will need re2c 0.9.11 or later if 
you want to regenerate PHP parsers.
checking for gawk... gawk
checking for oauth support... yes, shared
checking for cURL in default path... found in /usr
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognise dependent libraries... pass_all
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking how to run the C++ preprocessor... g++ -E
checking the maximum length of command line arguments... 
32768
checking command to parse /usr/bin/nm -B output from gcc 
object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if gcc static flag  works... yes
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld) supports 
shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... 
immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
 
creating libtool
appending configuration tag "CXX" to libtool
checking for ld used by g++... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking whether the g++ linker (/usr/bin/ld) supports 
shared libraries... yes
checking for g++ option to produce PIC... -fPIC
checking if g++ PIC flag -fPIC works... yes
checking if g++ supports -c -o file.o... yes
checking whether the g++ linker (/usr/bin/ld) supports 
shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... 
immediate
checking whether stripping libraries is possible... yes
configure: creating ./config.status
config.status: creating config.h
 
root@eoldev2>make
/bin/sh /var/tmp/pear/cache/oauth-1.0.0/libtool --
mode=compile gcc  -I. -I/var/tmp/pear/cache/oauth-1.0.0 -
DPHP_ATOM_INC -I/var/tmp/pear/cache/oauth-1.0.0/include -
I/var/tmp/pear/cache/oauth-1.0.0/main -
I/var/tmp/pear/cache/oauth-1.0.0 -I/usr/include/php -
I/usr/include/php/main -I/usr/include/php/TSRM -
I/usr/include/php/Zend -I/usr/include/php/ext -
I/usr/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2 -
Wall -g   -c /var/tmp/pear/cache/oauth-1.0.0/oauth.c -o 
oauth.lo
mkdir .libs
 gcc -I. -I/var/tmp/pear/cache/oauth-1.0.0 -DPHP_ATOM_INC -
I/var/tmp/pear/cache/oauth-1.0.0/include -
I/var/tmp/pear/cache/oauth-1.0.0/main -
I/var/tmp/pear/cache/oauth-1.0.0 -I/usr/include/php -
I/usr/include/php/main -I/usr/include/php/TSRM -
I/usr/include/php/Zend -I/usr/include/php/ext -
I/usr/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -Wall 
-g -c /var/tmp/pear/cache/oauth-1.0.0/oauth.c  -fPIC -DPIC -
o .libs/oauth.o
/var/tmp/pear/cache/oauth-1.0.0/oauth.c: In function 
'oauth_http_build_query':
/var/tmp/pear/cache/oauth-1.0.0/oauth.c:589: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/bin/sh /var/tmp/pear/cache/oauth-1.0.0/libtool --
mode=compile gcc  -I. -I/var/tmp/pear/cache/oauth-1.0.0 -
DPHP_ATOM_INC -I/var/tmp/pear/cache/oauth-1.0.0/include -
I/var/tmp/pear/cache/oauth-1.0.0/main -
I/var/tmp/pear/cache/oauth-1.0.0 -I/usr/include/php -
I/usr/include/php/main -I/usr/include/php/TSRM -
I/usr/include/php/Zend -I/usr/include/php/ext -
I/usr/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2 -
Wall -g   -c /var/tmp/pear/cache/oauth-1.0.0/provider.c -o 
provider.lo
 gcc -I. -I/var/tmp/pear/cache/oauth-1.0.0 -DPHP_ATOM_INC -
I/var/tmp/pear/cache/oauth-1.0.0/include -
I/var/tmp/pear/cache/oauth-1.0.0/main -
I/var/tmp/pear/cache/oauth-1.0.0 -I/usr/include/php -
I/usr/include/php/main -I/usr/include/php/TSRM -
I/usr/include/php/Zend -I/usr/include/php/ext -
I/usr/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -Wall 
-g -c /var/tmp/pear/cache/oauth-1.0.0/provider.c  -fPIC -
DPIC -o .libs/provider.o
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_remove_required_param':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:62: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_add_required_param':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:83: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_apply_custom_param':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:104: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_check_required_params':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:166: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_set_std_params':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:184: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:185: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:186: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:187: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:188: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:189: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:190: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:191: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:192: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_parse_auth_header':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:249: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:260: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:262: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:263: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_call_cb':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: error: 
'zend_fcall_info' has no member named 'object_ptr'
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: error: 
'IS_CALLABLE_CHECK_SILENT' undeclared (first use in this 
function)
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: error: (Each 
undeclared identifier is reported only once
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: error: for 
each function it appears in.)
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: warning: 
passing argument 4 of 'zend_is_callable_ex' from 
incompatible pointer type
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: warning: 
passing argument 6 of 'zend_is_callable_ex' from 
incompatible pointer type
/var/tmp/pear/cache/oauth-1.0.0/provider.c:364: warning: 
passing argument 7 of 'zend_is_callable_ex' from 
incompatible pointer type
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_get_http_verb':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:391: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:391: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'oauth_provider_get_current_uri':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:405: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:406: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:407: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:408: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'zim_oauthprovider___construct':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:494: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:497: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:506: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:525: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:528: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c:552: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'zim_oauthprovider_checkOAuthRequest':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:714: warning: 
dereferencing type-punned pointer will break strict-aliasing 
rules
/var/tmp/pear/cache/oauth-1.0.0/provider.c: In function 
'zim_oauthprovider_reportProblem':
/var/tmp/pear/cache/oauth-1.0.0/provider.c:1042: warning: 
format '%d' expects type 'int', but argument 4 has type 
'ulong'
make: *** [provider.lo] Error 1
 [2010-08-19 22:08 UTC] jawed@php.net
Wow, that's a really old version of PHP, can you upgrade?

- JJ
 [2010-08-20 12:42 UTC] raj at elance dot com
possibly.. We have plans to upgrade to 5.3. I will give this a 
try after we upgrade to 5.3
 [2011-01-15 12:10 UTC] jawed@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

Did it work with a newer version of PHP?

- JJ
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Feb 24 19:01:26 2020 UTC