Newsgroups: php.internals
From: r.korving@xit.nl ("Ron Korving")
To: internals@lists.php.net
Date: Tue, 4 Oct 2005 20:16:18 +0200
Subject: Re: [PHP-DEV] Comment on Bug #30153: FATAL erealloc() error when using gzinflate()

Tim,

I'm no core PHP developer (just a user) but I'm pretty convinced that there's nothing that can be done to solve this from PHP. PHP just passes bytes to the zlib functions (which are implemented by the zlib guys). If one of these functions causes a segfault, there's really nothing you can do. Zlib just shouldn't segfault, but return a nice clean error. That's where the problem is. Once zlib segfaults, PHP segfaults (it's all the same process). I don't think there's any way to manage this behavior from PHP.

Ron

"Tim Nufire" wrote in message news:4342ACC1.2030106@ibink.com...
> This is starting to sound like the dispute in the initial bug
> report..... Regardless of the root cause, this is a serious bug in PHP
> which exposes any script using gzinflate to denial of service attacks.
> While I'm sure extending zlib provides the most elegant fix to this
> problem, it should be possible to protect PHP scripts from crashes
> without such extensions. At the very least, the documentation should
> include a warning about this vulnerability..... I agree that a bug
> should be filed against zlib as well but don't understand why there is
> so much resistance to tracking this in the PHP bug database. I am not
> the right person to file the zlib bug since I don't know enough about
> what is needed there but I can open a new bug in the PHP db if reopening
> 30153 is not the right answer.
>
> Tim
>
> George Schlossnagle wrote:
>
> > On Oct 4, 2005, at 11:50 AM, Tim Nufire wrote:
> >
> >> Rasmus,
> >>
> >> Thanks for the response. Unfortunately, I don't have any great ideas
> >> on how to patch this and for now have just stopped using gzinflate
> >> :-/ Is there a way to reopen bug 30153? That description of this
> >> issue is pretty good and, even if the bug is hard to fix, it should
> >> still be tracked somewhere....
> >
> > You should file a bug against zlib, as it is the library that needs
> > to export these sorts of validation methods. If/when zlib supports
> > this sort of feature, PHP will support it.
> >
> > George