PHP and Apache segfault on db4 - not linked to the same version of the db library

Bug #165247 reported by Zefram on 2007-11-26
Affects          Status  Importance  Assigned to    Milestone
php5 (Ubuntu)            Low         Daniel Hahler
Gutsy                    Low         Unassigned
Hardy                    Low         Daniel Hahler

Bug Description

Binary package hint: libapache2-mod-php5

I'm getting a segfault when trying to read in PHP5 some db4 RewriteMaps in Apache. I believe the problem has to do with linking of different db4 libraries in php5 and apache2:

apache2-mpm-prefork requires libdb4.4
libapache2-mod-php5 requires libdb4.5

So, to reiterate a bit. I have some RewriteMaps in Apache2, such as:

RewriteMap testHash dbm=db:/var/www/website/map.db

When trying to access this file from php5, I get a segfault on:

dba_open('/var/www/website/map.db', 'c');

TESTCASE:
  1. Install libapache2-mod-php5.
  2. Create /var/www/test.php containing the line:
             <?php dba_open('/var/www/map.db', 'c'); ?>
  3. Create /var/www/.htaccess:
            RewriteMap testHash dbm=db:/var/www/map.db
            RewriteRule ^/ex/(.*) ${testHash:$1}
  4. Create /var/www/map.txt:
            a b
  5. Generate the db file with the command:
           $ sudo httxt2dbm -i /var/www/map.txt -o /var/www/map.db
  6. Open the test.php file with a browser. It should prompt you to download test.php. /var/log/apache2/error.log has a line similar to: [notice] child pid 17987 exit signal Segmentation fault (11)
Expected result: blank page.
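
The version mismatch described in this report can be checked for directly. The script below is an added example, not part of the bug thread or the php5 packaging; it flags any library family that objects loaded into the same process request in two different versions. The function names, file paths and sample dependency lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: find one library family requested in two versions by objects
# that end up in the same process (here: the httpd binary and mod_php).

# Print "object<TAB>soname" for each DT_NEEDED entry of an ELF file.
# Uses objdump -p (binutils); direct dependencies only.
needed_sonames() {
    objdump -p "$1" 2>/dev/null |
        awk -v obj="$1" '$1 == "NEEDED" { print obj "\t" $2 }'
}

# Read "object<TAB>soname" lines on stdin. Strip the version from each soname
# (libdb-4.4.so -> libdb, libxml2.so.2 -> libxml2) and print every family
# that is requested in more than one version, with who requests which.
find_soname_conflicts() {
    awk -F '\t' '
    {
        family = $2
        sub(/\.so(\.[0-9.]+)?$/, "", family)   # drop .so / .so.N suffix
        sub(/-[0-9][0-9.]*$/, "", family)      # drop -X.Y version infix
        key = family SUBSEP $2
        if (!(key in seen)) { seen[key] = 1; count[family]++ }
        users[family] = users[family] "  " $2 " <- " $1 "\n"
    }
    END {
        for (f in count)
            if (count[f] > 1) printf "CONFLICT %s\n%s", f, users[f]
    }'
}

# Constructed sample mirroring the report: apache2 pulling in db4.4 and
# mod_php pulling in db4.5 (paths and the other libraries are illustrative).
sample_deps() {
    printf '%s\t%s\n' \
        /usr/sbin/apache2 libaprutil-1.so.0 \
        /usr/sbin/apache2 libdb-4.4.so \
        /usr/sbin/apache2 libc.so.6 \
        /usr/lib/apache2/modules/libphp5.so libdb-4.5.so \
        /usr/lib/apache2/modules/libphp5.so libxml2.so.2 \
        /usr/lib/apache2/modules/libphp5.so libc.so.6
}

sample_deps | find_soname_conflicts
```

On a real system, pipe the output of `needed_sonames` for the server binary, its shared libraries and each loaded module into `find_soname_conflicts` instead of the sample data.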

Mathias Gug (mathiaz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I confirm this bug with the following version:
  apache2-mpm-prefork 2.2.6-2
  libapache2-mod-php5 5.2.3-1ubuntu6

TESTCASE:
 1. Install libapache2-mod-php5.
 2. Create /var/www/test.php containing the line:
            <? dba_open('/var/www/map.db', 'c'); ?>
 3. Create /var/www/.htaccess:
           RewriteMap testHash dbm=db:/var/www/map.db
           RewriteRule ^/ex/(.*) ${testHash:$1}
 4. Create /var/www/map.txt:
           a b
 5. Generate the db file with the command:
          $ sudo httxt2dbm -i /var/www/map.txt -o /var/www/map.db
 6. Open the test.php file with a browser. It should prompt you to download test.php. /var/log/apache2/error.log has a line similar to: [notice] child pid 17987 exit signal Segmentation fault (11)

Expected result: blank page.

Changed in php5:
importance: Undecided → Low
status: New → Triaged

Kees Cook (kees) wrote :

I can confirm this on Gutsy as well, with both release and -security builds of php5.

Changed in php5:
status: New → Triaged

Ignacy Gawędzki (iazz) wrote :

I rebuilt the php5 packages from Gutsy, after having removed the libdb4.5 with dpkg -r --force-depends. The newly built packages work indeed.

Daniel Hahler (blueyed) wrote :

I wonder why that is the case, because php5 Build-Depends on libdb4.4-dev only.
According to the build log (http://launchpadlibrarian.net/9793658/buildlog_ubuntu-gutsy-i386.php5_5.2.3-1ubuntu6_FULLYBUILT.txt.gz) libdb4.5 gets installed though - which appears to cause this problem.

I'll add a patch in 5.2.4-2ubuntu1 to ignore db4.5 if installed.

Changed in php5:
assignee: nobody → blueyed
status: Triaged → In Progress

On Wed, Dec 19, 2007 at 03:25:26AM -0000, thus spake dAniel hAhler:
> I wonder why that is the case, because php5 Build-Depends on libdb4.4-dev only.
> According to the build log (http://launchpadlibrarian.net/9793658/buildlog_ubuntu-gutsy-i386.php5_5.2.3-1ubuntu6_FULLYBUILT.txt.gz) libdb4.5 gets installed though - which appears to cause this problem.

Is it not just because the source package has been installed on a system where
libdb4.5 was available and, since the call to configure did not *force* the
use of libdb4.4, the binary was linked to libdb4.5 and consequently
dh_shlibdeps detected that dependency?

> I'll add a patch in 5.2.4-2ubuntu1 to ignore db4.5 if installed.
>
> ** Changed in: php5 (Ubuntu Hardy)
> Assignee: (unassigned) => dAniel hAhler (blueyed)
> Status: Triaged => In Progress

--
I drive way too fast to worry about cholesterol.

Daniel Hahler (blueyed) on 2007-12-19
Changed in php5:
assignee: nobody → blueyed
importance: Undecided → Medium
status: Triaged → In Progress
Daniel Hahler (blueyed) on 2007-12-19
Changed in php5:
assignee: blueyed → nobody
importance: Medium → Low
status: In Progress → Triaged
Daniel Hahler (blueyed) wrote :
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.2.4-2ubuntu1

---------------
php5 (5.2.4-2ubuntu1) hardy; urgency=low

  * Merge from Debian unstable (LP: #176011). Remaining Ubuntu changes:
    - debian/control, debian/rules: Disable a few build dependencies and
      accompanying binary packages which we do not want to support in main:
      + firebird2-dev/php5-interbase (we have a separate php-interbase source)
      + libc-client-dev/php5-imap (we have a separate php-imap source)
      + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
    - debian/rules: Correctly mangle PHP5_* macros for lpia
    - debian/control: DebianMaintainerField
  * Builds php5-gmp (LP: #176013)
  * Fixes sybase_ct for MS SQL (LP: #21995)
  * New Ubuntu changes:
    - debian/rules: use 32M memory_limit for CLI and 16M for cgi/libapache
      (LP: #148871)
    - debian/control, debian/rules: Configure CLI with --with-libedit for
      readline support again, now that the libedit issue is fixed.
      Extended debian/patches/027-readline_is_editline.patch (LP: #124846)
    - Force build against db4.4 (by ignoring db4.5 if it is installed),
      debian/patches/use-specific-libdb-version.patch (LP: #165247)

php5 (5.2.4-2) unstable; urgency=low

  [ sean finney ]
  * for posterity revised previous changelog to reference the CVE id's
    of security issues resolved by the latest upstream release.
  * lintian: use debian/compat instead of DH_COMPAT in debian/rules.
  * lintian: use source:Version and binary:Version where appropriate,
    instead of Source-Version
  * lintian: remove a couple pieces of cruft in the changelog that were causing
    false-postive wrong-bug-number-in-closes, but were generally useless
    anyway.

  [ Raphael Geissert ]
  * Using test-results.txt as a target
  * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286)
  * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624)
  * Build the interbase extension using firebird2.0-dev (Closes: #433736)
  * Unapply patches with debian/rules clean

  [ Steve Langasek ]
  * Don't patch configure or php_config.h.in in suhosin.patch, as these are
    auto-generated and including them in the patch results in a race
    condition for the necessary build-time regeneration. Thanks to Daniel
    Schepler for reporting, and to Damyan Ivanov for helping to sort out the
    fix. Closes: #443637.
  * Also remove the modified auto-generated files in the clean target,
    which triggers a warning about disappearing files when building the
    source package but avoids carrying irrelevant diffs to these files
    in the Debian diff.
  * Now that the testsuite is being run at build time, test failures cause
    a bunch of junk files to be left around in the Debian diff. So clean up
    several false-positive failures:
    - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(),
      so patch the test as well
    - fix_broken_upstream_tests.patch: use a local directory for tests that
      use sessions, skip the phpinfo test after all because it doesn't appear
      to be compatible with current testsuite behavior, and disable the
      moneyformat test if...


Changed in php5:
status: In Progress → Fix Released

S Me (s-me) wrote :

Sorry for boring you about this bug ...

but after a long debug, I finally discovered that this dba_open bug explains some troubles I have with apache+php5 only on gutsy servers.

What can I do to avoid this problem?

Have a good year 2008,
thanks for your help,

Sam Lown (samlown) wrote :

I too had the same problems on my HTPC system where I only needed apache2 for the mythweb interface. My final (cheat) solution to the problem was to install the apache2-mpm-itk replacing the problematic apache2-mpm-prefork. (Any performance differences are a non-issue with this system.)

Hopefully however a fix for this will be back-ported to gutsy?

Cheers, sam

Martin Pitt (pitti) wrote :

Sponsored Daniel's fix (thank you!) and accepted into gutsy-proposed. Can you please test this package and give feedback here? Thanks!

Changed in php5:
status: Triaged → Fix Committed

Zefram (zefram) wrote :

Just updated, and this works! Great!! Thank you guys!

Sam Lown (samlown) wrote :

That was fast! I too can confirm that it appears to be working fine now!

Many thanks indeed! sam

Works for me as well. Thanks. (It was causing phpwiki to crash when using db4 database.)

Martin Pitt (pitti) wrote :

Copied to gutsy-updates.

Changed in php5:
status: Fix Committed → Fix Released