Debian Bug report logs - #848632
php5: Segmentation fault when connecting via SSH2 file wrapper

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Richard Oakham <vark@vark.nu>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: php5: Segmentation fault when connecting via SSH2 file wrapper

Date: Mon, 19 Dec 2016 12:58:00 +1000

Package: php5-common
Version: 5.6.27+dfsg-0+deb8u1
Severity: grave
Justification: renders package unusable

PHP on 5.6.28 or 5.6.29 segfaults when attempting to open a directory over SSH2 having successfully authenticted. Connects successfully and works on 5.6.27.

Minimal code example:

$conn=ssh2_connect('**server**',22);
$username = '**username**';
$password = '**password**';
$ssh2check=ssh2_auth_password($conn,$username,$password);
unset($username);
unset($password);
if (!$ssh2check) die ("Unable to connect with supplied credentials.");
$sftp = ssh2_sftp($conn);
echo "Done connection\n";
$handle = opendir("ssh2.sftp://$sftp/SSHUsersPath/Other Files/.");

Segfaults when the opendir is attempted

Stack trace:

#0  __strstr_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:22
#1  0x00007ffff2555e30 in php_ssh2_fopen_wraper_parse_path () from /usr/lib/php5/20131226/ssh2.so
#2  0x00007ffff255846d in ?? () from /usr/lib/php5/20131226/ssh2.so
#3  0x00000000006af320 in _php_stream_opendir ()
#4  0x0000000000616c76 in ?? ()
#5  0x000000000054b048 in ?? ()
#6  0x00000000006e7eba in dtrace_execute_internal ()
#7  0x00000000007a88a0 in ?? ()
#8  0x0000000000736bf0 in execute_ex ()
#9  0x00000000006e7d58 in dtrace_execute_ex ()
#10 0x00000000006fa940 in zend_execute_scripts ()
#11 0x0000000000695b60 in php_execute_script ()
#12 0x00000000007aa85b in ?? ()
#13 0x0000000000462c0d in main ()

Replicated on multiple machines.

-- Package-specific info:
==== Additional PHP 5 information ====

++++ PHP 5 SAPI (php5query -S): ++++
cli
apache2

++++ PHP 5 Extensions (php5query -M -v): ++++
apcu (Enabled for cli by maintainer script)
apcu (Enabled for apache2 by maintainer script)
pdo_mysql (Enabled for cli by maintainer script)
pdo_mysql (Enabled for apache2 by maintainer script)
readline (Enabled for cli by maintainer script)
readline (Enabled for apache2 by maintainer script)
curl (Enabled for cli by maintainer script)
curl (Enabled for apache2 by maintainer script)
intl (Enabled for cli by maintainer script)
intl (Enabled for apache2 by maintainer script)
mysql (Enabled for cli by maintainer script)
mysql (Enabled for apache2 by maintainer script)
mysqli (Enabled for cli by maintainer script)
mysqli (Enabled for apache2 by maintainer script)
json (Enabled for cli by maintainer script)
json (Enabled for apache2 by maintainer script)
mysqlnd (Enabled for cli by maintainer script)
mysqlnd (Enabled for apache2 by maintainer script)
pdo (Enabled for cli by maintainer script)
pdo (Enabled for apache2 by maintainer script)
xdebug (Enabled for cli by maintainer script)
xdebug (Enabled for apache2 by maintainer script)
opcache (Enabled for cli by maintainer script)
opcache (Enabled for apache2 by maintainer script)
gd (Enabled for cli by maintainer script)
gd (Enabled for apache2 by maintainer script)
mcrypt (Enabled for cli by maintainer script)
mcrypt (Enabled for apache2 by maintainer script)

++++ Configuration files: ++++
**** /etc/php5/mods-available/pdo.ini ****
extension=pdo.so

**** /etc/php5/mods-available/opcache.ini ****
zend_extension=opcache.so


-- System Information:
Debian Release: 8.6
  APT prefers testing
  APT policy: (1000, 'testing'), (1000, 'stable'), (995, 'stable'), (750, 'testing'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php5 depends on:
ii  libapache2-mod-php5  5.6.27+dfsg-0+deb8u1
ii  php5-common          5.6.27+dfsg-0+deb8u1

php5 recommends no packages.

php5 suggests no packages.

Versions of packages php5-common depends on:
ii  libc6   2.19-18+deb8u3
ii  lsof    4.86+dfsg-1
ii  psmisc  22.21-2
ii  sed     4.2.2-4+b1
ii  ucf     3.0030

Versions of packages php5-common suggests:
ii  php5-apcu [php5-user-cache]  4.0.7-1

-- no debconf information

Message #10 received at 848632@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>

To: Richard Oakham <vark@vark.nu>, 848632@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: [php-maint] Bug#848632: php5: Segmentation fault when connecting via SSH2 file wrapper

Date: Mon, 19 Dec 2016 14:21:58 +0100

Control: reassign -1 php5-ssh2

This is in fact a bug in ssh2. As a temporary workaround you can install
ssh2=0.13 from PECL.

I'll prepare fixed php5-ssh2 package in Debian meanwhile.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Mon, Dec 19, 2016, at 03:58, Richard Oakham wrote:
> Package: php5-common
> Version: 5.6.27+dfsg-0+deb8u1
> Severity: grave
> Justification: renders package unusable
> 
> PHP on 5.6.28 or 5.6.29 segfaults when attempting to open a directory
> over SSH2 having successfully authenticted. Connects successfully and
> works on 5.6.27.
> 
> Minimal code example:
> 
> $conn=ssh2_connect('**server**',22);
> $username = '**username**';
> $password = '**password**';
> $ssh2check=ssh2_auth_password($conn,$username,$password);
> unset($username);
> unset($password);
> if (!$ssh2check) die ("Unable to connect with supplied credentials.");
> $sftp = ssh2_sftp($conn);
> echo "Done connection\n";
> $handle = opendir("ssh2.sftp://$sftp/SSHUsersPath/Other Files/.");
> 
> Segfaults when the opendir is attempted
> 
> Stack trace:
> 
> #0  __strstr_sse2_unaligned () at
> ../sysdeps/x86_64/multiarch/strstr-sse2-unaligned.S:22
> #1  0x00007ffff2555e30 in php_ssh2_fopen_wraper_parse_path () from
> /usr/lib/php5/20131226/ssh2.so
> #2  0x00007ffff255846d in ?? () from /usr/lib/php5/20131226/ssh2.so
> #3  0x00000000006af320 in _php_stream_opendir ()
> #4  0x0000000000616c76 in ?? ()
> #5  0x000000000054b048 in ?? ()
> #6  0x00000000006e7eba in dtrace_execute_internal ()
> #7  0x00000000007a88a0 in ?? ()
> #8  0x0000000000736bf0 in execute_ex ()
> #9  0x00000000006e7d58 in dtrace_execute_ex ()
> #10 0x00000000006fa940 in zend_execute_scripts ()
> #11 0x0000000000695b60 in php_execute_script ()
> #12 0x00000000007aa85b in ?? ()
> #13 0x0000000000462c0d in main ()
> 
> Replicated on multiple machines.
> 
> -- Package-specific info:
> ==== Additional PHP 5 information ====
> 
> ++++ PHP 5 SAPI (php5query -S): ++++
> cli
> apache2
> 
> ++++ PHP 5 Extensions (php5query -M -v): ++++
> apcu (Enabled for cli by maintainer script)
> apcu (Enabled for apache2 by maintainer script)
> pdo_mysql (Enabled for cli by maintainer script)
> pdo_mysql (Enabled for apache2 by maintainer script)
> readline (Enabled for cli by maintainer script)
> readline (Enabled for apache2 by maintainer script)
> curl (Enabled for cli by maintainer script)
> curl (Enabled for apache2 by maintainer script)
> intl (Enabled for cli by maintainer script)
> intl (Enabled for apache2 by maintainer script)
> mysql (Enabled for cli by maintainer script)
> mysql (Enabled for apache2 by maintainer script)
> mysqli (Enabled for cli by maintainer script)
> mysqli (Enabled for apache2 by maintainer script)
> json (Enabled for cli by maintainer script)
> json (Enabled for apache2 by maintainer script)
> mysqlnd (Enabled for cli by maintainer script)
> mysqlnd (Enabled for apache2 by maintainer script)
> pdo (Enabled for cli by maintainer script)
> pdo (Enabled for apache2 by maintainer script)
> xdebug (Enabled for cli by maintainer script)
> xdebug (Enabled for apache2 by maintainer script)
> opcache (Enabled for cli by maintainer script)
> opcache (Enabled for apache2 by maintainer script)
> gd (Enabled for cli by maintainer script)
> gd (Enabled for apache2 by maintainer script)
> mcrypt (Enabled for cli by maintainer script)
> mcrypt (Enabled for apache2 by maintainer script)
> 
> ++++ Configuration files: ++++
> **** /etc/php5/mods-available/pdo.ini ****
> extension=pdo.so
> 
> **** /etc/php5/mods-available/opcache.ini ****
> zend_extension=opcache.so
> 
> 
> -- System Information:
> Debian Release: 8.6
>   APT prefers testing
>   APT policy: (1000, 'testing'), (1000, 'stable'), (995, 'stable'), (750,
>   'testing'), (500, 'stable-updates')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5  5.6.27+dfsg-0+deb8u1
> ii  php5-common          5.6.27+dfsg-0+deb8u1
> 
> php5 recommends no packages.
> 
> php5 suggests no packages.
> 
> Versions of packages php5-common depends on:
> ii  libc6   2.19-18+deb8u3
> ii  lsof    4.86+dfsg-1
> ii  psmisc  22.21-2
> ii  sed     4.2.2-4+b1
> ii  ucf     3.0030
> 
> Versions of packages php5-common suggests:
> ii  php5-apcu [php5-user-cache]  4.0.7-1
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Message #19 received at 848632-close@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>

To: 848632-close@bugs.debian.org

Subject: Bug#848632: fixed in php-ssh2 0.12-3+deb8u1

Date: Fri, 23 Dec 2016 18:32:08 +0000

Source: php-ssh2
Source-Version: 0.12-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
php-ssh2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 848632@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated php-ssh2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Dec 2016 18:03:23 +0100
Source: php-ssh2
Binary: php5-ssh2 libssh2-php
Architecture: source amd64 all
Version: 0.12-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian PHP PECL Maintainers <pkg-php-pecl@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libssh2-php - transitional dummy package for php5-ssh2
 php5-ssh2  - ${phppear:summary}
Closes: 848632
Changes:
 php-ssh2 (0.12-3+deb8u1) jessie-security; urgency=high
 .
   * Add patch to fix regression in php_ssh2_fopen_wraper_parse_path caused
     by security update in PHP 5.6.28 (Closes: #848632)
Checksums-Sha1:
 e71d138953a833e734d8c2351882ce5862ecbccb 2233 php-ssh2_0.12-3+deb8u1.dsc
 b86a25bdd3f3558bbcaaa6d876309fbbb5ae134d 26223 php-ssh2_0.12.orig.tar.gz
 07f6ad994a0f93763db3870cc1d0435cef7dcaa9 4940 php-ssh2_0.12-3+deb8u1.debian.tar.xz
 9ded7628efefd988e0c42d0d4d393a6ab4884f5a 30868 php5-ssh2_0.12-3+deb8u1_amd64.deb
 62fff42e38ef291629260c1cda10c7a67a405751 3690 libssh2-php_0.12-3+deb8u1_all.deb
Checksums-Sha256:
 b38ba761dbd61144e0fd91e2a31857c1c2574534a6fbc63be97056e27f3ee058 2233 php-ssh2_0.12-3+deb8u1.dsc
 600c82d2393acf3642f19914f06a7afea57ee05cb8c10e8a5510b32188b97f99 26223 php-ssh2_0.12.orig.tar.gz
 b85ade9102f1b066c3baad10dedf07fee6cbb62d3a547653053648d87ecd16c2 4940 php-ssh2_0.12-3+deb8u1.debian.tar.xz
 430114694467173acb2acb44c464d751ea882ae0c130112523ea6c40f918b3bc 30868 php5-ssh2_0.12-3+deb8u1_amd64.deb
 69f722cfc9e62d3c5872659c094657668441681dddc65c986099b4b4f83000ca 3690 libssh2-php_0.12-3+deb8u1_all.deb
Files:
 3ef1ba90d236c15bda1784d0860ead9b 2233 php extra php-ssh2_0.12-3+deb8u1.dsc
 409b91678a842bb0ff56f2cf018b9160 26223 php extra php-ssh2_0.12.orig.tar.gz
 53536e5e00d09c0db6a6840d2a19a532 4940 php extra php-ssh2_0.12-3+deb8u1.debian.tar.xz
 6016245c5911012ac80f60e385a9fd14 30868 php extra php5-ssh2_0.12-3+deb8u1_amd64.deb
 b295ee838679ffebdc79c11ff40705f4 3690 oldlibs extra libssh2-php_0.12-3+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJYWkl3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHngsP/RKBa2laZhbKMfZnrB7zm6fV
jqZ394qQpt1z60xE4iiV8z8Jqq9BH9WBeDgLfOcooGOc4matKYHXSFBK5HLpr34D
VaDKoPI6sV6DF6rHq1KwYDizhmwbL+8emnPVn2m0K5Hw56WCrqfghh9UTVbZdspK
cB+suTt/vqnvoisHBs+i0QJtSsdJ9pMq7S8um8RS8+bh+zRJQC+VPPLVMDGBj4bg
w/B+GbFCb+DtNzipIg7QeVxKcVwZ4p2a3wuFgOXeDQuvrlExI8AJNiXklbpqDW7F
qy3poNd4LXPiTL804je9XmhckGLEbYQfSNRZD/+ZR0nsgPy7A31e+FSOrOWJvaNq
zZKYTN64a6wviCtL22eaMxBPBaBtS0GfdO3Lnji+jDCbONEgoTZgjEUY7dxykAG3
/nh8EbNttK4BTxd7zXWRsVPa/RSb8nvPUvUclQELbIF9dWf4ahE0dBQPZ+QcQj74
JLsACuMAEsy6mMQ72Xp5azF+ZT1TifkjqFW83KZnBdkKohQCsSdefYO5nHtbFXd4
gPxDnRwHtPzwu06J9S1p3xcWg8tjyDNLOr5n9RaDfuW2CKD4S7sl9UB9mc25YbT1
pvj/4pHiDKTCB/bcYIuv6NV9wJ2AkeHC8QPPoi3qZk/dEnnJ29SP6oZiOmltCvZH
L+/WUL0lXixq3qDt1mni
=1eXn
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.