php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9403 a bug in functions/sybase.c kills libphp3.so and httpd child.
Submitted: 2001-02-22 09:35 UTC Modified: 2002-06-16 08:20 UTC
From: coyote at step dot polymtl dot ca Assigned:
Status: Not a bug Package: Sybase (dblib) related
PHP Version: 3.0.17 OS: Linux RedHat 6.2 (x86)
Private report: No CVE-ID: None
 [2001-02-22 09:35 UTC] coyote at step dot polymtl dot ca
Hello,

	On apache-1.3.17+mod_ssl (taken from modssl.org as src.rpm) with
RedHat 6.2 with observed that a lot of our PHP3 scripts would cause an httpd
child to die with a seg fault. This was with both 3.0.17 and 3.0.18. Some of our
scripts would report a warning but most of them would just die in "sybase_connect"
with just 3 arguments. Usually, adding "iso_1" as a 4th argument would solve the
problem. All of these scripts were working fine on php-3.0.9. A dig in the source
showed up uninitalized use of "charset" in sybase.c. We patched sybase.c this way:

--- php-3.0.18.orig/functions/sybase.c  Mon Aug  7 02:09:54 2000
+++ php-3.0.18/functions/sybase.c       Thu Feb 22 14:12:34 2001
@@ -270,7 +270,7 @@
                
        switch(ARG_COUNT(ht)) {
                case 0: /* defaults */
-                       host=user=passwd=NULL;
+                       host=user=passwd=charset=NULL;
                        hashed_details_length=6+3;
                        hashed_details = (char *) emalloc(hashed_details_length+
1);
                        strcpy(hashed_details,"sybase___");
@@ -283,7 +283,7 @@
                                }
                                convert_to_string(yyhost);
                                host = yyhost->value.str.val;
-                               user=passwd=NULL;
+                               user=passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+6+
3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s__",yyhost->val
ue.str.val);
@@ -299,7 +299,7 @@
                                convert_to_string(yyuser);
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
-                               passwd=NULL;
+                               passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_",yyhost->v
alue.str.val,yyuser->value.str.val);
@@ -317,6 +317,7 @@
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
                                passwd = yypasswd->value.str.val;
+                               charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yy
user->value.str.len+yypasswd->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details
_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_%s",yyhost-
>value.str.val,yyuser->value.str.val,yypasswd->value.str.val); /* SAFE */

If you need more information, can you please contact me? Thanks.

Vincent Cojot, coyote@step.polymtl.ca

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-16 08:20 UTC] sander@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately, PHP 3 is no longer supported. Please download
the latest version of PHP 4 from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 09:01:26 2024 UTC