
  PHP str_ireplace DoS

From: Thomas Hruska <thruska_(at)_cubiclesoft.com>
Date: 13.02.2007
Subject: [PHP-DEV] PHP 5.2.1 crashing Apache/IIS...

Heads up!  Installed the latest Win32 binaries of thread-safe PHP 5.2.1
on Win32 Apache and IIS.  PHP started crashing (definitely PHP -
php5ts.dll) when I went to access the MyProBB web forum.  (Win32 Apache
flat out crashes, IIS bails with HTTP 500 errors).

Forum crashes PHP 5.2.1:
http://www.cubiclesoft.com/Forum/

Source to the forum software is here:
http://www.cubiclesoft.com/MyProBB/

Worked fine under 5.2.0.  I only depend on PHP for the forum.
A straight-up phpinfo(); page seems to work fine.
I upgraded by killing each webserver instance, copying the files from
the ZIP file over the existing PHP directories and files, and restarting
the server.

So I then took the hard route of deleting the PHP directory and dumping
the binaries into it from scratch and putting together a working php.ini
file again...crash.

So I tried to narrow down the problem and it appeared to be crashing in
a VERY bizarre location:

  $Data = str_ireplace("\n", "<br>", $Data);

So, I created a test script and eventually narrowed it down to:

<?php
  $Data = "Change tracking and management software designed to watch for abnormal system behavior.\nSuggest features, report bugs, or ask questions here.";
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
  $Data = str_ireplace("\r\n", "<br>", $Data);
  $Data = str_ireplace("\n", "<br>", $Data);
?>

This script crashes PHP 5.2.1 everywhere.  Command-line and web server
(module and CGI modes).  IMO, there's a bug somewhere in str_ireplace().
But it could be also more fundamental with how Zend treats variables.
All that showing data around assigning a variable to itself.

--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197

http://www.CubicleSoft.com/
