php5 5.6.11+dfsg-1ubuntu3.2 SOAP Out Of Memory (OOM)

Bug #1575298 reported by TJ on 2016-04-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Undecided
Unassigned
Wily
High
Marc Deslauriers

Bug Description

User in #ubuntu reported an Out of Memory issue due to SOAP changes in ubuntu3.2 on 15.10 on several ubuntu servers.

19:03 --> magento_rocks (~<email address hidden>) has joined #ubuntu
19:04 <magento_rocks> where can i see the changelog for ubuntu 15.10?
19:05 <magento_rocks> a recent update fucked up something, on all servers running 15.10
...
19:05 <TJ-> magento_rocks: package install history is in /var/log/apt/
19:06 <TJ-> magento_rocks: specific package changelogs under /usr/share/doc/<package-name>/changelog*
19:07 <magento_rocks> TJ- thanks
...
19:08 <magento_rocks> php5-common:amd64 (5.6.11+dfsg-1ubuntu3.1, 5.6.11+dfsg-1ubuntu3.2)
19:08 <magento_rocks> that means it was upgrade from 3.1 to 3.2?
19:09 <TJ-> magento_rocks: yes, and the changelog contains headings that match each version
19:10 <magento_rocks> ok great. now i just need to "downgrade" to 3.1
19:12 <TJ-> magento_rocks apt-get install php5=5.6.11+dfsg-1ubuntu3.1 or similar... probably need to list all the php5* packages that were upgraded, and suffix them with the exact version you want
19:12 <magento_rocks> https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.2 - the SOAP Client update is causing OOM errors
19:12 <magento_rocks> thanks for your help TJ-, i appreciate it

CVE References

Dave Barnes (phpdave11) wrote :

the failure is occurring just after the lines patched in php_http.c - line 842

Seth Arnold (seth-arnold) wrote :

Can you include error messages, logs, or instructions to reproduce the issue?

Thanks

Changed in php5 (Ubuntu):
status: New → Invalid
Changed in php5 (Ubuntu Wily):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
Dave Barnes (phpdave11) wrote :

I've attached sample code to reproduce the issue. However, it is dependent on a Magento server for the SOAP endpoint.

Here is the output I get on a Ubuntu 15.10 server with php5 5.6.11+dfsg-1ubuntu3.2 installed:

dave-barnes@datamart-dave:~/code/soap$ php client.php
PHP Fatal error: Out of memory (allocated 2883584) (tried to allocate 4294967658 bytes) in /home/dave-barnes/code/soap/client.php on line 249
PHP Fatal error: Uncaught SoapFault exception: [Client] Out of memory (allocated 2883584) (tried to allocate 4294967658 bytes) in /home/dave-barnes/code/soap/client.php:249
Stack trace:
#0 [internal function]: SoapClient->__doRequest('<?xml version="...', 'http://mage-tes...', 'urn:Action', 1, 0)
#1 /home/dave-barnes/code/soap/client.php(249): SoapClient->__call('catalogProductL...', Array)
#2 /home/dave-barnes/code/soap/client.php(249): SoapClient->catalogProductList('f13dac565d5c332...')
#3 {main}
  thrown in /home/dave-barnes/code/soap/client.php on line 249

Marc Deslauriers (mdeslaur) wrote :

I believe I have located the issue and have uploaded a package for testing in the following PPA:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once the package has finished building, could you please test it and confirm that the regression is fixed?

I'll release the package as a security regression fix as soon as it has been tested.

Thanks!

Dave Barnes (phpdave11) wrote :

Hi Marc,

Thank you for the fast fix! After I installed 5.6.11+dfsg-1ubuntu3.3 from ubuntu-security-proposed/ppa, the SOAP OOM error went away. It appears that the regression has been fixed.

Thanks!

Marc Deslauriers (mdeslaur) wrote :

Thanks for testing the fix! I'll release the update today.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.6.11+dfsg-1ubuntu3.3

---------------
php5 (5.6.11+dfsg-1ubuntu3.3) wily-security; urgency=medium

  * SECURITY REGRESSION: out of memory in SOAP (LP: #1575298)
    - debian/patches/CVE-2015-8835.patch: updated to fix bad patch
      backport.

 -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 14:57:54 -0400

Changed in php5 (Ubuntu Wily):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers