Professional Web Applications Themes

#40079 [NEW]: php_get_current_user() not thread safe - PHP Bugs

From: wharmby at uk dot ibm dot com Operating system: Linux RHEL4 PHP version: 5CVS-2007-01-09 (snap) PHP Bug Type: Scripting Engine problem Bug description: php_get_current_user() not thread safe Description: ------------ The current implementation of php_get_current_user() uses the non-reentrant getpwuid() rather than the reentrant getpwuid_r(). Therefore issuing on Linux in a ZTS enabled build could lead to unpredictable/undesirable results. the code should use the re-entrant version if it is available. The following patch which were built against the latest snapshot (Jan 9 2007, 1330 GMT) modifies the code in main/safe_mode.c to use the re-entrant getpwuid_r if its available: [url]http://pastebin.ca/311144[/url] Following makes ...

  1. #1

    Default #40079 [NEW]: php_get_current_user() not thread safe

    From: wharmby at uk dot ibm dot com
    Operating system: Linux RHEL4
    PHP version: 5CVS-2007-01-09 (snap)
    PHP Bug Type: Scripting Engine problem
    Bug description: php_get_current_user() not thread safe

    Description:
    ------------
    The current implementation of php_get_current_user() uses
    the non-reentrant getpwuid() rather than the reentrant
    getpwuid_r(). Therefore issuing on Linux in a ZTS enabled
    build could lead to unpredictable/undesirable results. the code should use
    the re-entrant version if it is available.

    The following patch which were built against the latest
    snapshot (Jan 9 2007, 1330 GMT) modifies the code in
    main/safe_mode.c to use the re-entrant getpwuid_r if its
    available:

    [url]http://pastebin.ca/311144[/url]

    Following makes necessary associated change to configure.in:

    [url]http://pastebin.ca/311140[/url]

    Fix tested on Linux RHEL with mysql extension enabled and
    sql.safe_mode=On in php.ini. The modified code can then easily be invoked
    by issuing mysql_connect().



    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show a
    reproducible crash but current Linux executable is clearly not reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A

    --
    Edit bug report at [url]http://bugs.php.net/?id=40079&edit=1[/url]
    --
    Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40079&r=trysnapshot44[/url]
    Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40079&r=trysnapshot52[/url]
    Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40079&r=trysnapshot60[/url]
    Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40079&r=fixedcvs[/url]
    Fixed in release: [url]http://bugs.php.net/fix.php?id=40079&r=alreadyfixed[/url]
    Need backtrace: [url]http://bugs.php.net/fix.php?id=40079&r=needtrace[/url]
    Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40079&r=needscript[/url]
    Try newer version: [url]http://bugs.php.net/fix.php?id=40079&r=oldversion[/url]
    Not developer issue: [url]http://bugs.php.net/fix.php?id=40079&r=support[/url]
    Expected behavior: [url]http://bugs.php.net/fix.php?id=40079&r=notwrong[/url]
    Not enough info: [url]http://bugs.php.net/fix.php?id=40079&r=notenoughinfo[/url]
    Submitted twice: [url]http://bugs.php.net/fix.php?id=40079&r=submittedtwice[/url]
    register_globals: [url]http://bugs.php.net/fix.php?id=40079&r=globals[/url]
    PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40079&r=php3[/url]
    Daylight Savings: [url]http://bugs.php.net/fix.php?id=40079&r=dst[/url]
    IIS Stability: [url]http://bugs.php.net/fix.php?id=40079&r=isapi[/url]
    Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40079&r=gnused[/url]
    Floating point limitations: [url]http://bugs.php.net/fix.php?id=40079&r=float[/url]
    No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40079&r=nozend[/url]
    MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40079&r=mysqlcfg[/url]
    wharmby at uk dot ibm dot com Guest

  2. #2

    Default #40079 [Opn->Asn]: php_get_current_user() not thread safe

    ID: 40079
    Updated by: [email]iliaaphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    -Status: Open
    +Status: Assigned
    Bug Type: Scripting Engine problem
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-09 (snap)
    -Assigned To:
    +Assigned To: iliaa


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-09 17:58:59] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_get_current_user() uses
    the non-reentrant getpwuid() rather than the reentrant
    getpwuid_r(). Therefore issuing on Linux in a ZTS enabled
    build could lead to unpredictable/undesirable results. the code should
    use the re-entrant version if it is available.

    The following patch which were built against the latest
    snapshot (Jan 9 2007, 1330 GMT) modifies the code in
    main/safe_mode.c to use the re-entrant getpwuid_r if its
    available:

    [url]http://pastebin.ca/311144[/url]

    Following makes necessary associated change to configure.in:

    [url]http://pastebin.ca/311140[/url]

    Fix tested on Linux RHEL with mysql extension enabled and
    sql.safe_mode=On in php.ini. The modified code can then easily be
    invoked by issuing mysql_connect().



    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show a
    reproducible crash but current Linux executable is clearly not
    reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40079&edit=1[/url]
    iliaa@php.net Guest

  3. #3

    Default #40079 [Asn->Csd]: php_get_current_user() not thread safe

    ID: 40079
    Updated by: [email]iliaaphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    -Status: Assigned
    +Status: Closed
    Bug Type: Scripting Engine problem
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-09 (snap)
    Assigned To: iliaa
    New Comment:

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.




    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-09 17:58:59] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_get_current_user() uses
    the non-reentrant getpwuid() rather than the reentrant
    getpwuid_r(). Therefore issuing on Linux in a ZTS enabled
    build could lead to unpredictable/undesirable results. the code should
    use the re-entrant version if it is available.

    The following patch which were built against the latest
    snapshot (Jan 9 2007, 1330 GMT) modifies the code in
    main/safe_mode.c to use the re-entrant getpwuid_r if its
    available:

    [url]http://pastebin.ca/311144[/url]

    Following makes necessary associated change to configure.in:

    [url]http://pastebin.ca/311140[/url]

    Fix tested on Linux RHEL with mysql extension enabled and
    sql.safe_mode=On in php.ini. The modified code can then easily be
    invoked by issuing mysql_connect().



    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show a
    reproducible crash but current Linux executable is clearly not
    reentrant.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40079&edit=1[/url]
    iliaa@php.net Guest

Similar Threads

  1. Replies: 0
    Last Post: May 23rd, 05:09 PM
  2. #40098 [NEW]: php_fopen_primary_script() not thread safe
    By wharmby at uk dot ibm dot com in forum PHP Bugs
    Replies: 7
    Last Post: January 12th, 02:35 PM
  3. Replies: 0
    Last Post: January 11th, 12:03 PM
  4. Thread-safe Code
    By Erik J Sawyer in forum ASP.NET Web Services
    Replies: 2
    Last Post: October 3rd, 05:06 PM
  5. ModRuby FileUploads thread safe?
    By George Moschovitis in forum Ruby
    Replies: 0
    Last Post: June 27th, 05:16 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139