Bug 491100

Summary:	>=dev-lang/php-5.5.4's stack smashing protection kills ODBC queries
Product:	Gentoo Linux	Reporter:	Michael Orlitzky <mjo>
Component:	[OLD] Development	Assignee:	PHP Bugs <php-bugs>
Status:	RESOLVED FIXED
Severity:	normal	Keywords:	UPSTREAM
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.php.net/bug.php?id=66311
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	PHP script to reproduce the problem Sample odbc.ini configured for a local MySQL mysqldump of the php_ssp_test database

Description Michael Orlitzky gentoo-dev

2013-11-12 17:10:05 UTC

Created attachment 363130 [details]
PHP script to reproduce the problem

When selecting a moderate number of rows over ODBC, PHP commits suicide:

  $ php ssp-test.php 
  Connected to database...
  
  *** stack smashing detected ***: php - terminated
  php: stack smashing attack in function <unknown> - terminated
  Report to http://bugs.gentoo.org/
  Killed

This appeared after a (simultaneous) upgrade to gcc-4.7.3-r1 and php-5.5.4. It also happens with php-5.5.5.

To reproduce, you'll need a few things:

  1) dev-db/unixODBC and dev-db/myodbc installed

  2) dev-lang/php built with USE=odbc

  3) A mysql database for testing

  4) An entry in odbc.ini for the mysql database

  5) A PHP script to pull some rows out of the database

I can provide (3) through (5).

The mysql database I'm using is called 'php_ssp_test', and it contains one table "drivers" and one column "driver". The data for this database can be found in php_ssp_test.sql, and you should be able to pipe it directly inti to mysql after you create the php_ssp_test database.

The attached odbc.ini goes in /etc/unixODBC/odbc.ini and provides a DSN for the MySQL database.

The script ssp-test.php will connect to that DSN as the MySQL "root" user with password "password" (all of this is easy to change). It will then select all records from the 'drivers' table and print them one at a time.

Comment 1 Michael Orlitzky gentoo-dev

2013-11-12 17:10:36 UTC

Created attachment 363132 [details]
Sample odbc.ini configured for a local MySQL

Comment 2 Michael Orlitzky gentoo-dev

2013-11-12 17:11:06 UTC

Created attachment 363134 [details]
mysqldump of the php_ssp_test database

Comment 3 Michael Orlitzky gentoo-dev

2013-11-12 17:13:41 UTC

I should mention a workaround: if you recompile php without SSP, it will work. So for example,

  # gcc-config -l
   [1] x86_64-pc-linux-gnu-4.7.3 *
   [2] x86_64-pc-linux-gnu-4.7.3-hardenednopie
   [3] x86_64-pc-linux-gnu-4.7.3-hardenednopiessp
   [4] x86_64-pc-linux-gnu-4.7.3-hardenednossp
   [5] x86_64-pc-linux-gnu-4.7.3-vanilla

  # gcc-config 4

  # source /etc/profile

Comment 4 Matti Bickel (RETIRED) gentoo-dev

2013-11-13 21:19:26 UTC

I'm updating my @system to gcc-4.7.3 to test this, stay tuned.

Comment 5 Magnus Granberg gentoo-dev

2013-12-17 16:51:45 UTC

Fix the smashing attack insstead of disable ssp
Recompile glibc with use debug then you should get note what
function it happens. just turn ssp of is a only a short way
to hide the problem for the code error may be expliteble.

Comment 6 Michael Orlitzky gentoo-dev

2013-12-22 16:37:23 UTC

The fix has been committed upstream and merged into the 5.4, 5.5, and 5.6 branches. Just waiting for a release now.

Comment 7 Michael Orlitzky gentoo-dev

2014-02-15 16:21:15 UTC

Ok, the fix is in 5.5.8 in the tree.