php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79631 SSH disconnect segfault with SFTP (assertion failed)
Submitted: 2020-05-25 14:50 UTC Modified: 2021-02-09 13:23 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: info at dotsamazing dot com Assigned: cmb (profile)
Status: Closed Package: ssh2 (PECL)
PHP Version: 7.4.6 OS: Ubuntu 20.04
Private report: No CVE-ID: None
 [2020-05-25 14:50 UTC] info at dotsamazing dot com
Description:
------------
We're using the latest PHP 7.4.3 package under Ubuntu 20.04.

While using SSH2 SFTP in a CLI environment, PHP segfaulted after completing the script. Using coredumpctl we've found that the segfault comes from the automatic SSH2 disconnect during PHP teardown.

We've isolated the issue and could reproduce it in CLI when calling ssh2_disconnect manually:

php: channel.c:2484: _libssh2_channel_free: Assertion `session' failed.

However - by calling ssh2_disconnect on the _SFTP handle_ first (!!! it's undocumented and shouldn't be necessary !!!) and ssh2_disconnect on the connection handle next, the script started working fine without any error or segfault.


Test script:
---------------
$conn    = \ssh2_connect( 'example.com', 22, null );
$success = \ssh2_auth_password( $conn, 'username', 'password' );

// init SFTP first to generate 
$sftp    = \ssh2_sftp( $conn );

// uncomment below to avoid segfault
// if ( \ssh2_disconnect( $sftp ) !== true )
//  throw new Exception('Disconnect SFTP failed');

if ( \ssh2_disconnect( $conn ) !== true )
  throw new Exception('Disconnect SSH failed');


Expected result:
----------------
- assertion error shouldn't appear
- segmentation fault shouldn't happen
- there shouldn't be need for an undocumented disconnect call as a workaround

Actual result:
--------------
- assertion error and segfault
- undocumented disconnect call on an SFTP handle needed before an actual SSH disconnect

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-05-25 23:03 UTC] info at dotsamazing dot com
It looks that it's a duplicate of #78471 (different PHP versions though and this ticket includes a possible workaround)
 [2021-02-09 13:23 UTC] cmb@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: cmb
 [2021-02-09 13:23 UTC] cmb@php.net
Yes, of course there shouldn't be segfault on shutdown. The
problem is that the SSH2 SFTP resource destructor doesn't check
whether the session is still active.

> there shouldn't be need for an undocumented disconnect call as a
> workaround

Yes.  But that only works because ssh2_disconnect() is sloppy,
and does not check whether the passed resource is actually a SSH2
Session resource.  You could call that function to close arbitrary
resources (e.g. a stream resource opened by fopen()).
 [2021-02-09 13:51 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #79631: SSH disconnect segfault with SFTP (assertion failed)
On GitHub:  https://github.com/php/pecl-networking-ssh2/pull/46
Patch:      https://github.com/php/pecl-networking-ssh2/pull/46.patch
 [2021-02-24 21:09 UTC] langemeijer@php.net
Automatic comment on behalf of casper.langemeijer@procurios.nl
Revision: http://git.php.net/?p=pecl/networking/ssh2.git;a=commit;h=8cbe872d19d3397e5f466e550788d5a4b03f1a3b
Log: Merge pull request #46: Fix #79631: SSH disconnect segfault with SFTP (assertion failed)
 [2021-02-24 21:09 UTC] langemeijer@php.net
-Status: Analyzed +Status: Closed
 [2021-02-24 21:09 UTC] langemeijer@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=pecl/networking/ssh2.git;a=commit;h=9fb1cf84f04f8c17cfb80e2536a2ce34b2e62c6e
Log: Fix #79631: SSH disconnect segfault with SFTP (assertion failed)
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Apr 14 08:01:23 2021 UTC