headers
Antony Dovgal | 1 Mar 2007 09:58
Favicon

Re: [PHP-DEV] LDAP functions implemented poorly

On 03/01/2007 01:11 AM, Doug Goldstein wrote:
> Antony Dovgal wrote:
>> On 03/01/2007 12:35 AM, Doug Goldstein wrote:
>>>> Did you really test it with non-NULL terminated strings?
>>>> Don't you need to add '\0' manually?
>>>
>>> The test is that you run the example code from bug #38819, watch PHP
>>> crash. Apply my patch and watch PHP not crash. Fairly simple. My
>>> backtrace
>>> is identical to the reporter's.
>>
>> Well, I can't do it myself since I don't even have a LDAP server
>> installed.
>> That's why I asked you the question.
>>
>>> If you read the comments by the OpenLDAP developers in the two bugs
>>> referenced they have the same reason for using ldap_get_values_len()
>>> instead of ldap_get_values() because it's safer incase the data is
>>> non-NULL terminated data. In this case PHP's assumption that it's NULL
>>> terminated is flawed since it's crashing since it's extending past the
>>> end
>>> of it's memory segment. (as visible from bug #38819)
>>
>> I have no doubts it's true, but the question was:
>> did you really test [the NEW patched version of] the code with non-NULL
>> terminated strings?
> 
> If I run the example PHP code from bug #38819, PHP will merrily run off
> the end of a string into no man's land and crash as per the backtrace in
> bug #38819. With the patch applied, it does not. That sound clearly like
(Continue reading)

Permalink | Reply | 1 comment |
headers
Andreas Prüßmann | 1 Mar 2007 10:17
Picon

[PHP-DEV] PHP UserID ?

Hello,

i´am using an SLES 10.1 Server with an Apache 2.2.
There´s PHP 5 installed. When i do an dir -o on the php executable, i can 
see that php belongs to root.
My questtion is ...
Do PHP run as user root ?

Thanks Andreas 

--

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 1 comment |
headers
Derick Rethans | 1 Mar 2007 11:34
X-Face
Picon
Gravatar

PHP 4.4.6 Released!

Hello!

The PHP development team would like to announce the immediate 
availability of PHP 4.4.6.  This release addresses a crash problem with 
the session extension when register_globals is turned on that was 
introduced in PHP 4.4.6. This release comes also with the new version 
7.0 of PCRE and it addresses a number of minor bugs.

A separate release announcement is also available. For changes in PHP 
4.4.6 since PHP 4.4.5, please consult the PHP 4 ChangeLog. 

Release Announcement: http://www.php.net/release_4_4_6.php
Downloads:            http://www.php.net/downloads.php#v4
Changelog:            http://www.php.net/ChangeLog-4.php#4.4.6

regards,
Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 4 comments |
headers
Andrew Hutchings | 1 Mar 2007 13:01
Picon

[PHP-DEV] Re: PHP UserID ?

Andreas Prüßmann wrote:
> Hello,
> 
> i´am using an SLES 10.1 Server with an Apache 2.2.
> There´s PHP 5 installed. When i do an dir -o on the php executable, i can 
> see that php belongs to root.
> My questtion is ...
> Do PHP run as user root ?

If you are using Apache and PHP as a module then it will run as the same
user as Apache.  If you use suPHP then it runs as the same user as the
script being executed.

Regards
Andrew
-- 
Andrew Hutchings - Linux Jedi - http://www.linuxjedi.co.uk/
A-Wing Internet Services - http://www.a-wing.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen.
Blue Screen leads to downtime. Downtime leads to suffering...I sense
much Windows in you.

--

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 0 comments |
headers
Andrew Hutchings | 1 Mar 2007 13:03
Picon

[PHP-DEV] Re: PHP 4.4.6 Released!

Derick Rethans wrote:
> Hello!
> 
> The PHP development team would like to announce the immediate 
> availability of PHP 4.4.6.  This release addresses a crash problem with 
> the session extension when register_globals is turned on that was 
> introduced in PHP 4.4.6.

So these release fixes a crash that wasn't introduced until this
release.  That's clever ;)

Regards
Andrew
-- 
Andrew Hutchings - Linux Jedi - http://www.linuxjedi.co.uk/
A-Wing Internet Services - http://www.a-wing.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen.
Blue Screen leads to downtime. Downtime leads to suffering...I sense
much Windows in you.

--

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 2 comments |
headers
Derick Rethans | 1 Mar 2007 13:06
X-Face
Picon
Gravatar

Re: [PHP-DEV] Re: PHP 4.4.6 Released!

On Thu, 1 Mar 2007, Andrew Hutchings wrote:

> Derick Rethans wrote:
> > Hello!
> > 
> > The PHP development team would like to announce the immediate 
> > availability of PHP 4.4.6.  This release addresses a crash problem with 
> > the session extension when register_globals is turned on that was 
> > introduced in PHP 4.4.6.
> 
> So these release fixes a crash that wasn't introduced until this
> release.  That's clever ;)

Nope, it's a typo, it should read:

	This release addresses a crash problem with the session 
	extension when register_globals is turned on that was introduced 
	in PHP 4.4.5.

regards,
Derick

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 0 comments |
headers
Michael Vergoz | 1 Mar 2007 14:29

[PHP-DEV] Thread safe problem on module_registry (Zend API Feature/Change request)

Hi
I am currently developing a kind of application server based on PHP
language.
I use modifications I made on SAPI embed/.
I use threads massively.

In my application design, every thread can load different PHP modules. In
practise, modules are loaded just before php_request_startup() and they are
unloaded after php_request_shutdown()

The problem I face is that I randomly receive PHP warnings :
<br />
<b>Warning</b>:  Module 'X7V3' already loaded in <b>Unknown</b> on line
<b>0</b><br />
<br />
<b>Warning</b>:  Function registration failed - duplicate name -
XXXXXXXXXXXXXXXXXX in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  X7V3:  Unable to register functions, unable to load in
<b>Unknown</b> on line <b>0</b><br /

I looked at Zend/zend_API.c and I realized that 2 variables, "module_count"
and "module_registry", are not thread safe and that there is a comment
recomending mutex use for these 2 variables.

I had asked for a Feature/Change request on bugs.php.net (#40668) but it has
been closed :s

Then I learnt (thank you Tony) that dl() function is deactivated in  ZTS
mode and I also learnt from Tony that this kind of problem was not a
(Continue reading)

Permalink | Reply | 5 comments |
headers
Benjamin Schulz | 1 Mar 2007 16:17
Picon

[PHP-DEV] [PATCH] ext/sysvmsg: msg_queue_exists()

Hi Wez,
this patch that adds a msg_queue_exists() to ext/sysvmsg. Currently  
there is no way to tell wether msg_get_queue() will create or just a  
attach to a queue.

It would be great to see this function in the next PHP release.

Benjamin

diff -u php-5.2.1/ext/sysvmsg/php_sysvmsg.h php-5.2.1-patched/ext/sysvmsg/php_sysvmsg.h
--- php-5.2.1/ext/sysvmsg/php_sysvmsg.h	2007-01-08 23:34:07.000000000 +0100
+++ php-5.2.1-patched/ext/sysvmsg/php_sysvmsg.h	2007-03-01 15:51:28.000000000 +0100
 <at>  <at>  -48,6 +48,7  <at>  <at> 
 PHP_FUNCTION(msg_set_queue);
 PHP_FUNCTION(msg_send);
 PHP_FUNCTION(msg_receive);
+PHP_FUNCTION(msg_queue_exists);

 typedef struct {
 	key_t key;
diff -u php-5.2.1/ext/sysvmsg/sysvmsg.c php-5.2.1-patched/ext/sysvmsg/sysvmsg.c
--- php-5.2.1/ext/sysvmsg/sysvmsg.c	2007-01-17 09:25:32.000000000 +0100
+++ php-5.2.1-patched/ext/sysvmsg/sysvmsg.c	2007-03-01 15:51:28.000000000 +0100
 <at>  <at>  -72,6 +72,7  <at>  <at> 
 	PHP_FE(msg_remove_queue,			NULL)
 	PHP_FE(msg_stat_queue,				NULL)
 	PHP_FE(msg_set_queue,				NULL)
+	PHP_FE(msg_queue_exists,			NULL)
 	{NULL, NULL, NULL}	/* Must be the last line in sysvmsg_functions[] */
(Continue reading)

Permalink | Reply | 1 comment |
headers
Richard Lynch | 1 Mar 2007 23:06

Re: [PHP-DEV] Thread safe problem on module_registry (Zend API Feature/Change request)

On Thu, March 1, 2007 7:29 am, Michael Vergoz wrote:

I don't claim to understand this issue fully/deeply, but I'm
definitely +1 on resurrecting 'dl' if this change fixes everything to
everyone's satisfaction.

Not that my vote actually counts, as I've never had the skills/time to
actually contribute C code to PHP.

I may be the only user on the planet with a shared host that lets me
use 'dl' to pull in extensions, but there it is, and I kinda need it,
as there are no other viable options to do what I need to do, other
than changing to a new webhost I might not like... :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 3 comments |
headers
William A. Rowe, Jr. | 2 Mar 2007 01:19

Re: [PHP-DEV] PHP 5.2.1 crashing Apache/IIS...

Thomas Hruska wrote:
> Heads up!  Installed the latest Win32 binaries of thread-safe PHP 5.2.1
> on Win32 Apache and IIS.  PHP started crashing (definitely PHP -
> php5ts.dll) when I went to access the MyProBB web forum.  (Win32 Apache
> flat out crashes, IIS bails with HTTP 500 errors).

Considering PHP 5.2.1 was a security release with borked safe malloc
code for threading, is there any chance of a 5.2.2 bugfix-only release
to get good 'official' code into users' hands?  No 5.2.2_RC1 in sight,
but I'm pretty certain these fixes are already on PHP5.2 branch?

Bill

--

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 1 comment |

Gmane