Ubuntu
php-radius package

segfault on radius_create_request

Bug #1576107 reported by Erik van Luijk
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
php-radius (Ubuntu)
Fix Released
High
Steve Beattie

Bug Description

Since the upgrade of php5-radius to version 1.2.5-2+squeeze1ubuntu0.12.04.1 on a 64 bit system the following script produces a segfault:
<?php
$radius = radius_auth_open();
radius_add_server($radius,'<radius server>',1812,'<secret>',5,3);
radius_create_request($radius,RADIUS_ACCESS_REQUEST);

When I manually downgraded to 1.2.5-2ubuntu1 everything works as expected.

The bug is related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702872 where it states that the patch wasn't needed for squeeze and apparently also for precise.

It is also related to https://bugs.launchpad.net/ubuntu/+source/php-radius/+bug/502924 but precise uses version 1.2.5-2 of the source and not 1.2.5-2.3.

I assume the issue is arisen from a rebuild of the package (and .so) and therefore we now need this patch.

See original description
Erik van Luijk (itserik)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in php-radius (Ubuntu):
status: New → Confirmed
Revision history for this message
Giovanni Mellini (merlos) wrote :

I can confirm the problem on Ubuntu 12.04 64 bit
The downgrade works, I write down the command for anyone else is experiencing the same issue:

apt-get install php5-radius=1.2.5-2ubuntu1

Steve Beattie (sbeattie)
Changed in php-radius (Ubuntu):
importance: Undecided → High
assignee: nobody → Steve Beattie (sbeattie)
Revision history for this message
Steve Beattie (sbeattie) wrote :

Hello, thanks for thebug report. My apologies for the regression. I have prepared a php-radius package that should address this issue in the ubuntu-security-proposed PPA: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages . If someone could test these and confirm that it addresses the seggfaulting issue on 64bit platforms, I can get these published in the precise-security and precise-updates pockets.

Thanks for your patience!

Revision history for this message
Giovanni Mellini (merlos) wrote :

@sbeattie
Just tested the proposed package and I can confirm that is working as expected.

Follow my test procedure on my test Precise server

# add-apt-repository ppa:ubuntu-security-proposed/ppa
# apt-get update
# apt-get install php5-radius
# dpkg-query -l php5-radius
[...]
ii php5-radius 1.2.5-2+squeeze1ubuntu0.12.04.2 PECL radius module for PHP 5
# service apache2 restart

Tested the application that where broken by last update and is working with this new package.
Then i removed the proposed PPA from my test server

# cd /etc/apt/sources.list.d
# rm ubuntu-security-proposed-ppa-precise.list
# apt-get update

I wait the fix to come in the stable repo before upgrade my production server.
Tks a lot for quick response
Giovanni

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php-radius - 1.2.5-2+squeeze1ubuntu0.12.04.2

---------------
php-radius (1.2.5-2+squeeze1ubuntu0.12.04.2) precise-security; urgency=medium

  * REGRESSION UPDATE: fix segfault on 64 bit platiforms:
    [Thijs Kinkhorst]
    - Initialise type parameter to radius_create_request() as long, to
      avoid segfaulting in zend_parse_parameters() (LP: #1576107)
    - Patch origin:
      https://bugs.debian.org/cgi-bin/bugreport.cgi?filename=php5-radius.diff;msg=10;bug=702872;att=1

 -- Steve Beattie <email address hidden> Mon, 02 May 2016 08:58:10 -0700

Changed in php-radius (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Erik van Luijk (itserik) wrote :

Works as expected.

Thanks for the response and testing.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.