Bug 526244 - dev-php/pecl-geoip-1.1.0 - segmentation fault in php on corrupt GeoIPCity.dat where libGeoIP returns NULL
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: PHP Bugs
Keywords: PATCH
Reported: 2014-10-21 15:09 UTC by Deniss Gaplevsky
Modified: 2022-08-09 07:12 UTC (History)

Attachments
patch to prevent segfaults in GeoIP_record_by_name() due NULL passed as first arg (geoip-1.1.0-inbox-city.patch,2.13 KB, patch)
2014-10-22 18:13 UTC, Deniss Gaplevsky

Description Deniss Gaplevsky 2014-10-21 15:09:09 UTC
dev-php/pecl-geoip-1.1.0 segfaults php when GeoIPCity.dat is used.
There is a bug filed to mainstream with a patch at https://bugs.php.net/bug.php?id=68277
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-10-21 16:43:25 UTC
The upstream bug report seems to be about a segmentation fault in libGeoIP, which is in the domain of dev-libs/geoip, not dev-php/pecl-geoip.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-10-21 17:06:51 UTC
1) Please post your `emerge --info dev-libs/geoip' output in a comment.
2) Please explain how that broken database got there. :)
Comment 3 Deniss Gaplevsky 2014-10-22 18:10:30 UTC
The issue is pretty complex and comes from libgeoip sins:
1. GeoIP_db_avail() does not make a difference between GEOIP_*_EDITION_REV1 and GEOIP_*_EDITION_REV0, but GeoIP_open_type() does.
2. GeoIP_open_type() returns NULL when the requested revision does not match the actual revision of the file. NULL is returned for a few other cases as well.
3. GeoIP_record_by_name() (and other GeoIP_*_by_name()?) does not check the first argument for NULL and segfaults.

I contacted Boris Zentner (MaxMind) and he wrote me back that the pecl-geoip should manage all checks. 

The attached patch tries to open the file as GEOIP_CITY_EDITION_REV0, then as GEOIP_CITY_EDITION_REV1 if that fails, and finally checks the returned value for NULL.
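
The open-with-fallback and NULL guard described in comment 3, as an added example that is not part of the bug report or the attached patch. `stub_open_type()`, `stub_record_by_name()`, the `edition` enum and the sample files are constructed stand-ins that model the behaviour the comment describes; they are not libGeoIP's API.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins modelling the behaviour described in comment 3; not the real library. */
enum edition { CITY_REV0, CITY_REV1 };
struct db { enum edition actual; };      /* models an opened database handle */
struct record { const char *city; };

/* Constructed sample files: 0 is a REV1 file, 1 is a REV0 file, anything else is corrupt. */
static struct db files[] = { { CITY_REV1 }, { CITY_REV0 } };

/* Models point 2: NULL when the file is unusable or the requested revision differs. */
static struct db *stub_open_type(int file, enum edition want)
{
    if (file < 0 || file > 1)
        return NULL;                     /* corrupt or missing database */
    return files[file].actual == want ? &files[file] : NULL;
}

/* Models point 3: dereferences the handle without checking it for NULL. */
static struct record *stub_record_by_name(struct db *gi, const char *host)
{
    static struct record r;
    (void)host;
    r.city = gi->actual == CITY_REV1 ? "rev1-city" : "rev0-city";
    return &r;
}

/* Caller-side guard: try REV0, then REV1, and never pass a NULL handle on. */
const char *lookup_city(int file, const char *host)
{
    struct db *gi = stub_open_type(file, CITY_REV0);
    if (gi == NULL)
        gi = stub_open_type(file, CITY_REV1);
    if (gi == NULL)
        return NULL;                     /* report failure instead of crashing */
    struct record *rec = stub_record_by_name(gi, host);
    return rec != NULL ? rec->city : NULL;
}

int main(void)
{
    for (int f = 0; f < 3; f++) {
        const char *c = lookup_city(f, "example.org");
        printf("file %d -> %s\n", f, c ? c : "(no usable city database)");
    }
    return 0;
}
```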
Comment 4 Deniss Gaplevsky 2014-10-22 18:13:38 UTC
Created attachment 387222
patch to prevent segfaults in GeoIP_record_by_name() due NULL passed as first arg

this patch also fixes wrong revision guessing
Comment 5 Deniss Gaplevsky 2014-10-27 13:07:32 UTC
mainstream patch available from https://bugs.php.net/bug.php?id=68277
Comment 6 Larry the Git Cow gentoo-dev 2022-08-09 07:12:21 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed1e3e3e8d7a610fafe873075454b35a2079b04a

commit ed1e3e3e8d7a610fafe873075454b35a2079b04a
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-08-09 07:11:40 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-08-09 07:11:40 +0000

    dev-php/pecl-geoip: treeclean
    
    Closes: https://bugs.gentoo.org/857636
    Closes: https://bugs.gentoo.org/526244
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-php/pecl-geoip/Manifest                        |  1 -
 .../pecl-geoip/files/fix-failing-tests-1.1.1.patch | 46 -----------
 .../files/fix-failing-tests-php8-1-1.1.1.patch     | 71 -----------------
 dev-php/pecl-geoip/files/php8-support-1.1.1.patch  | 93 ----------------------
 dev-php/pecl-geoip/metadata.xml                    |  8 --
 dev-php/pecl-geoip/pecl-geoip-1.1.1-r4.ebuild      | 22 -----
 dev-php/pecl-geoip/pecl-geoip-1.1.1-r5.ebuild      | 26 ------
 profiles/package.mask                              |  7 --
 8 files changed, 274 deletions(-)