When requesting a PHP script using mssql_connect() (through the FreeTDS library) through Apache 2.2, the execution of the request stops suddenly when it reaches a mssql_connect() statement. The script only exits when connecting through the Apache 2.2 SAPI; executing the script with a command line `/usr/bin/php` results in the proper behavior without an exit.

On exit, this is shown in the syslog:

    *** stack smashing detected ***: apache2 - terminated
    apache2: stack smashing attack in function tds_write_packet

The exit does *not* occur if you enter in an invalid IP to connect to (it will return false, flash a PHP error message, and continue execution). However, it still occurs even if you provide invalid authentication information to mssql_connect(), so the issue occurs before the authentication information reply is received.

Reproducible: Always

Steps to Reproduce:
Script:

    START!
    <?php
    var_dump(mssql_connect('70.252.xxx.xxx', 'user', 'pass'));
    ?>
    DONE!

Actual Results:
(no output -- although 'START!' is displayed if flush() is called prior to output)

Expected Results:

    START!
    resource(4) of type (mssql link)
    DONE!
# emerge --info
Portage 2.1.2.12 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r4, 2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 Intel(R) Xeon(TM) CPU 3.20GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sun, 09 Sep 2007 04:20:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -pipe -O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -pipe -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://garlic.privatenet.mudbugmedia.com/gentoo-portage"
USE="apache2 bzip2 chroot clearpasswd cli cracklib crypt ctype curl examples expat gd hardened hpn ipalias jpeg midi mpm-prefork mssql multiuser munin-apache mysql nls notlsbeforeauth nptl nptlonly pam pcre pic png posix qmail readline ruby sendfile session sftplogging spamassassin ssl symlink tcpd threads tools unicode urandom utf8 vchroot vhosts x86 xml xorg zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="mouse keyboard"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Also, if there is a way I can easily disable the smash stacking protection until a fix can be generated, it would be appreciated. Does apache just need to be recompiled with pie+ssp disabled, or is this a kernel level deal?
> When requesting a PHP script using mssql_connect() (through the FreeTDS library)
> through Apache 2.2, the execution of the request stops suddenly when it reaches
> a mssql_connect() statement.

I think the root cause is PHP, since apache ain't doing anything to that.

(In reply to comment #1)
> Also, if there is a way I can easily disable the smash stacking protection
> until a fix can be generated, it would be appreciated. Does apache just need
> to be recompiled with pie+ssp disabled, or is this a kernel level deal?

Well, if it's stack smashing apache (SSP), then simply try out the nossp gcc profile (though it isn't very wise).
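The "*** stack smashing detected ***" line in the report is the gcc/glibc stack protector (SSP) aborting the process when a function's stack canary has been overwritten. The following added illustration (not FreeTDS or PHP code; the function names, buffer size and payloads are constructed) shows the class of fixed-buffer write that triggers that abort, beside a bounds-checked form that reports the oversized input as an error instead of leaving it to the canary:

```c
/* Added illustration, not FreeTDS code. Hypothetical packet writer showing
 * the kind of stack-buffer defect SSP reports as "stack smashing detected". */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_MAX 512   /* constructed fixed packet buffer size */

/* Trivial checksum so the buffer is actually used (keeps the copy observable). */
static unsigned sum_bytes(const uint8_t *p, size_t n)
{
    unsigned s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Unsafe pattern: the caller's length is never compared with the stack buffer.
 * With -fstack-protector a payload longer than PKT_MAX overwrites the canary
 * next to pkt and the process is aborted on return, the symptom in the report;
 * without SSP the corruption goes unnoticed until something else breaks. */
unsigned write_packet_unchecked(const uint8_t *payload, size_t len)
{
    uint8_t pkt[PKT_MAX];
    memcpy(pkt, payload, len);          /* no bound on len */
    return sum_bytes(pkt, len < PKT_MAX ? len : PKT_MAX);
}

/* Hardened form: refuse anything the buffer cannot hold, return an error to
 * the caller, and report how many bytes were accepted through *written. */
int write_packet_checked(const uint8_t *payload, size_t len, size_t *written)
{
    uint8_t pkt[PKT_MAX];
    if (payload == NULL || written == NULL || len > sizeof pkt)
        return -1;                       /* caller sees an error, process keeps running */
    memcpy(pkt, payload, len);
    *written = len;
    return (int)sum_bytes(pkt, len);     /* non-negative on success */
}

/* Constructed inputs: a small payload that fits and an oversized one. */
int demo_small_accepted(void)
{
    uint8_t small[16]; memset(small, 1, sizeof small);
    size_t n = 0;
    return write_packet_checked(small, sizeof small, &n) == 16 && n == 16;
}

int demo_big_rejected(void)
{
    uint8_t big[PKT_MAX + 64]; memset(big, 1, sizeof big);
    size_t n = 0;   /* must stay 0: nothing was copied */
    return write_packet_checked(big, sizeof big, &n) == -1 && n == 0;
}
```

Calling write_packet_unchecked with the oversized payload under a stack-protector build aborts the whole process, which in a prefork Apache takes down the worker serving the request rather than returning an error to the PHP script.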
USE=mssql is unsupported by Gentoo, as clearly noted by the eclass - the dependency is not provided by us. UPSTREAM, good luck.