Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 491100

Summary: >=dev-lang/php-5.5.4's stack smashing protection kills ODBC queries
Product: Gentoo Linux Reporter: Michael Orlitzky <mjo>
Component: [OLD] DevelopmentAssignee: PHP Bugs <php-bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: UPSTREAM
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.php.net/bug.php?id=66311
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: PHP script to reproduce the problem
Sample odbc.ini configured for a local MySQL
mysqldump of the php_ssp_test database

Description Michael Orlitzky gentoo-dev 2013-11-12 17:10:05 UTC
Created attachment 363130 [details]
PHP script to reproduce the problem

When selecting a moderate number of rows over ODBC, PHP commits suicide:

  $ php ssp-test.php 
  Connected to database...
  
  *** stack smashing detected ***: php - terminated
  php: stack smashing attack in function <unknown> - terminated
  Report to http://bugs.gentoo.org/
  Killed

This appeared after a (simultaneous) upgrade to gcc-4.7.3-r1 and php-5.5.4. It also happens with php-5.5.5.

To reproduce, you'll need a few things:

  1) dev-db/unixODBC and dev-db/myodbc installed

  2) dev-lang/php built with USE=odbc

  3) A mysql database for testing

  4) An entry in odbc.ini for the mysql database

  5) A PHP script to pull some rows out of the database

I can provide (3) through (5).

The mysql database I'm using is called 'php_ssp_test', and it contains one table "drivers" and one column "driver". The data for this database can be found in php_ssp_test.sql, and you should be able to pipe it directly inti to mysql after you create the php_ssp_test database.

The attached odbc.ini goes in /etc/unixODBC/odbc.ini and provides a DSN for the MySQL database.

The script ssp-test.php will connect to that DSN as the MySQL "root" user with password "password" (all of this is easy to change). It will then select all records from the 'drivers' table and print them one at a time.
Comment 1 Michael Orlitzky gentoo-dev 2013-11-12 17:10:36 UTC
Created attachment 363132 [details]
Sample odbc.ini configured for a local MySQL
Comment 2 Michael Orlitzky gentoo-dev 2013-11-12 17:11:06 UTC
Created attachment 363134 [details]
mysqldump of the php_ssp_test database
Comment 3 Michael Orlitzky gentoo-dev 2013-11-12 17:13:41 UTC
I should mention a workaround: if you recompile php without SSP, it will work. So for example,

  # gcc-config -l
   [1] x86_64-pc-linux-gnu-4.7.3 *
   [2] x86_64-pc-linux-gnu-4.7.3-hardenednopie
   [3] x86_64-pc-linux-gnu-4.7.3-hardenednopiessp
   [4] x86_64-pc-linux-gnu-4.7.3-hardenednossp
   [5] x86_64-pc-linux-gnu-4.7.3-vanilla

  # gcc-config 4

  # source /etc/profile
Comment 4 Matti Bickel (RETIRED) gentoo-dev 2013-11-13 21:19:26 UTC
I'm updating my @system to gcc-4.7.3 to test this, stay tuned.
Comment 5 Magnus Granberg gentoo-dev 2013-12-17 16:51:45 UTC
Fix the smashing attack insstead of disable ssp
Recompile glibc with use debug then you should get note what
function it happens. just turn ssp of is a only a short way
to hide the problem for the code error may be expliteble.
Comment 6 Michael Orlitzky gentoo-dev 2013-12-22 16:37:23 UTC
The fix has been committed upstream and merged into the 5.4, 5.5, and 5.6 branches. Just waiting for a release now.
Comment 7 Michael Orlitzky gentoo-dev 2014-02-15 16:21:15 UTC
Ok, the fix is in 5.5.8 in the tree.