[Bug 315507] Re: Unable to remove Suhosin patch

Diego Malatesta diego.malatesta at gmail.com
Mon Jul 20 11:20:44 BST 2009 

Ok I was able to reproduce the problem on a new VM

Steps:

1) Create fresh vm: done, installed Ubuntu 8.04.2 amd64 as denoted by

# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 8.04.3 LTS (it shows .3 because I issued the command after the update I think)
Release:	8.04
Codename:	hardy

2) Update system and reboot: done

3) Install LAMP Server packages: done. I didn't install mysql, only
apache2 and php5 (I have the db on another machine)

4) We need ODBC: done. Installed php5-odbc libmyodbc unixodbc, copied
the sample configurations and adapted odbc.ini to connect to my db
server. Plus I tested the connection with isql and worked.

5) Create a PHP test page: done. I've attached the info.html file (with
ip and domain hidden for privacy reasons)

6) I already have a database ready (MySQL 5.0.24)

7) Create PHP page to test odbc: done. It's the exact copy of your
example script, with the connection data and the table changed of course

8) Try the script.. and here the browser serves me the file as a
download. In /var/log/apache2/error.log there is the canary error.
Here's the complete log:

[Mon Jul 20 11:39:37 2009] [notice] Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch configured -- resuming normal operations
[Mon Jul 20 11:47:47 2009] [error] [client <client ip>] ALERT - canary mismatch on efree() - heap overflow detected (attacker '<client ip>', file '/var/www/odbctest.php', line 11), referer: http://<server ip>/
[Mon Jul 20 11:47:47 2009] [error] [client <client ip>] ALERT - canary mismatch on efree() - heap overflow detected (attacker '<client ip>', file '/var/www/odbctest.php', line 11), referer: http://<server ip>/

9) and 10) no sense doing these. The issue in not intermittent, it
happens every time.

11) Document exact versions of packages:

# dpkg-query -W apache2 libapache2-mod-php5 libmyodbc php5-common php5-odbc
apache2	2.2.8-1ubuntu0.10
libapache2-mod-php5	5.2.4-2ubuntu5.6
libmyodbc	3.51.15r409-2
php5-common	5.2.4-2ubuntu5.6
php5-odbc	5.2.4-2ubuntu5.6

** Attachment added: "info.html"
   http://launchpadlibrarian.net/29274780/info.html

-- 
Unable to remove Suhosin patch
https://bugs.launchpad.net/bugs/315507
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.

More information about the Ubuntu-server-bugs mailing list