libssh2-php segmentation fault

Bug #1712994 reported by Christian Thiemann
This bug affects 5 people
Affects: php-ssh2 (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Since the PHP security update on/around Aug 10 (5.5.9+dfsg-1ubuntu4.22), using the ssh2 wrappers causes a segmentation fault.

$host = "...";
$port = 22;
$user = "...";
$pubkeyfile = "...";
$privkeyfile = "...";
$path = "...";

$conn = ssh2_connect($host, $port);
ssh2_auth_pubkey_file($conn, $user, $pubkeyfile, $privkeyfile);
$handle = ssh2_sftp($conn);
scandir("ssh2.sftp://$handle/$path");

# lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04

# apt-cache policy libssh2-php
libssh2-php:
  Installed: 0.12-1build1
  Candidate: 0.12-1build1
  Version table:
 *** 0.12-1build1 0
        500 http://ftp.halifax.rwth-aachen.de/ubuntu/ trusty/universe amd64 Packages
        500 http://de.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
        100 /var/lib/dpkg/status

# gdb backtrace
Program received signal SIGSEGV, Segmentation fault. [340/2496]
__strstr_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:22
22 ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0 __strstr_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:22
#1 0x00007fffec0302d8 in php_ssh2_fopen_wraper_parse_path () from /usr/lib/php5/20121212/ssh2.so
#2 0x00007fffec0340b2 in ?? () from /usr/lib/php5/20121212/ssh2.so
#3 0x000000000069fd62 in _php_stream_opendir ()
#4 0x00000000006a05b4 in _php_stream_scandir ()
#5 0x0000000000612741 in zif_scandir ()
#6 0x00000000006d5c2b in dtrace_execute_internal ()
#7 0x0000000000795020 in ?? ()
...
#37 0x0000000000795670 in ?? ()
#38 0x000000000070f958 in execute_ex ()
#39 0x00000000006d5b29 in dtrace_execute_ex ()
#40 0x00000000006e71b0 in zend_execute_scripts ()

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in php-ssh2 (Ubuntu):
status: New → Confirmed
Marco Scholl (traxanos) wrote :

Same problem here. This bug affected many web applications in our data center. Why has nobody fixed this regression?

Christian Thiemann (thiemann) wrote :

FYI, in case someone can't wait for a package update to be shipped, the workaround mentioned in the other bug works for me:

$handle = ssh2_sftp($conn);
//scandir("ssh2.sftp://$handle/$path");
scandir("ssh2.sftp://".intval($handle)."/$path");

https://bugs.launchpad.net/ubuntu/+source/php-ssh2/+bug/1663281/comments/5
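
An added example, not code from this thread or from the php-ssh2 package: it prints the two URL forms side by side (a resource interpolated into a string becomes "Resource id #N", while intval() yields just N) and wraps the integer form in a hypothetical helper, sftp_url(), that refuses anything that is not an open resource. A php://memory stream stands in for the ssh2_sftp() handle so the script runs without the extension or a server.

```php
<?php
// Added example. sftp_url() is a hypothetical helper, not part of php-ssh2.

/**
 * Build an ssh2.sftp:// URL from an SFTP resource using its integer id,
 * as in the workaround above, instead of interpolating the resource itself.
 */
function sftp_url($sftp, $path)
{
    // is_resource() is false for a closed handle and for the false that a
    // failed ssh2_sftp() call returns; intval() would turn the latter into
    // 0 and silently produce "ssh2.sftp://0/...".
    if (!is_resource($sftp)) {
        throw new InvalidArgumentException('expected an open SFTP resource');
    }
    // Strip leading slashes so the URL has exactly one between id and path.
    return 'ssh2.sftp://' . intval($sftp) . '/' . ltrim($path, '/');
}

// Constructed demo values: stand-in resource and sample path.
$standIn = fopen('php://memory', 'r');
$path    = 'upload/incoming';

// Form used in the original report: the host part carries spaces and '#'.
echo "interpolated: ssh2.sftp://$standIn/$path\n";

// Form used in the workaround: the host part is only the numeric id.
echo "integer id:   " . sftp_url($standIn, $path) . "\n";

// A closed handle is rejected before any URL reaches the stream wrapper.
fclose($standIn);
try {
    sftp_url($standIn, $path);
} catch (InvalidArgumentException $e) {
    echo "rejected:     " . $e->getMessage() . "\n";
}
```

With a real connection, pass the value returned by ssh2_sftp($conn) and hand the result to scandir() or opendir().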
