Ubuntu
php5 package

Bug #315507
Comment #16

Comment 16 for bug 315507

Revision history for this message

Diego Malatesta (diego-malatesta) wrote on 2009-07-20: Re: Unable to remove Suhosin patch

#16

info.html Edit (43.9 KiB, text/html)

Ok I was able to reproduce the problem on a new VM

Steps:

1) Create fresh vm: done, installed Ubuntu 8.04.2 amd64 as denoted by

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.3 LTS (it shows .3 because I issued the command after the update I think)
Release: 8.04
Codename: hardy

2) Update system and reboot: done

3) Install LAMP Server packages: done. I didn't install mysql, only apache2 and php5 (I have the db on another machine)

4) We need ODBC: done. Installed php5-odbc libmyodbc unixodbc, copied the sample configurations and adapted odbc.ini to connect to my db server. Plus I tested the connection with isql and worked.

5) Create a PHP test page: done. I've attached the info.html file (with ip and domain hidden for privacy reasons)

6) I already have a database ready (MySQL 5.0.24)

7) Create PHP page to test odbc: done. It's the exact copy of your example script, with the connection data and the table changed of course

8) Try the script.. and here the browser serves me the file as a download. In /var/log/apache2/error.log there is the canary error. Here's the complete log:

[Mon Jul 20 11:39:37 2009] [notice] Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch configured -- resuming normal operations
[Mon Jul 20 11:47:47 2009] [error] [client <client ip>] ALERT - canary mismatch on efree() - heap overflow detected (attacker '<client ip>', file '/var/www/odbctest.php', line 11), referer: http://<server ip>/
[Mon Jul 20 11:47:47 2009] [error] [client <client ip>] ALERT - canary mismatch on efree() - heap overflow detected (attacker '<client ip>', file '/var/www/odbctest.php', line 11), referer: http://<server ip>/

9) and 10) no sense doing these. The issue in not intermittent, it happens every time.

11) Document exact versions of packages:

# dpkg-query -W apache2 libapache2-mod-php5 libmyodbc php5-common php5-odbc
apache2 2.2.8-1ubuntu0.10
libapache2-mod-php5 5.2.4-2ubuntu5.6
libmyodbc 3.51.15r409-2
php5-common 5.2.4-2ubuntu5.6
php5-odbc 5.2.4-2ubuntu5.6