Topic: buffer overflow with php

# rpm -q centos-release
centos-release-5-7.el5.centos

# rpm -qa |grep ^php
php-common-5.3.8-5.el5.remi.1
php-5.3.8-5.el5.remi.1
php-devel-5.3.8-5.el5.remi.1
php-PHPMailer-5.1-4.el5.remi
php-gd-5.3.8-5.el5.remi.1
php-layers-menu-3.2.0-0.2.rc.el5
php-pdo-5.3.8-5.el5.remi.1
php-cli-5.3.8-5.el5.remi.1
php-mysqlnd-5.3.8-5.el5.remi.1
php-mbstring-5.3.8-5.el5.remi.1
php-pear-1.9.4-3.el5.remi
php-pear-HTML_Template_PHPLIB-1.4.0-2.el5
php-snmp-5.3.8-5.el5.remi.1
php-adodb-5.12-1.el5.remi

# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.ash.fastserv.com
 * epel: mirror.steadfast.net
 * extras: mirrors.cmich.edu
 * remi: rpms.famillecollet.com
 * updates: mirror.lug.udel.edu
Excluding Packages from Les RPM de remi pour Enterprise Linux 5 - i386
Finished
repo id                                                               repo name                                                                                               status
base                                                                  CentOS-5 - Base                                                                                          2,705
epel                                                                  Extra Packages for Enterprise Linux 5 - i386                                                             5,526
extras                                                                CentOS-5 - Extras                                                                                          285
remi                                                                  Les RPM de remi pour Enterprise Linux 5 - i386                                                          611+27
updates                                                               CentOS-5 - Updates                                                                                         358
vmware-tools                                                          VMWare Tools                                                                                                10
repolist: 9,495



# php -v
*** buffer overflow detected ***: php terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x90a971]
/lib/libc.so.6[0x909eb7]
/usr/lib/libnetsnmp.so.10[0x9f7cb9]
/usr/lib/libnetsnmp.so.10[0x9fa741]
/usr/lib/libnetsnmp.so.10(netsnmp_read_module+0x22)[0x9facf2]
/usr/lib/libnetsnmp.so.10(read_all_mibs+0x3c)[0x9fad6c]
/usr/lib/libnetsnmp.so.10(init_mib+0x63b)[0x9f126b]
/usr/lib/libnetsnmp.so.10(init_snmp+0x385)[0xa067f5]
/usr/lib/php/modules/snmp.so[0xc62b64]
php(zend_startup_module_ex+0xce)[0x823c3de]
php(zend_hash_apply+0x4c)[0x824564c]
php(zend_startup_modules+0x51)[0x823f281]
php(php_module_startup+0x8c5)[0x81df185]
php[0x82c4bad]
php[0x82c5584]
/lib/libc.so.6(__libc_start_main+0xdc)[0x839e9c]
php[0x8062411]
Aborted

Re: buffer overflow with php

What is the version of net-snmp-libs?

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: buffer overflow with php

# rpm -qa | grep ^net-snmp
net-snmp-utils-5.3.2.2-14.el5_7.1
net-snmp-libs-5.3.2.2-14.el5_7.1
net-snmp-5.3.2.2-14.el5_7.1


I have resolved the problem; it was a bad MIB that had been loaded into the system. Thank you for the prompt reply! I would never have thought that PHP breaks with a bad MIB.

Re: buffer overflow with php

Can you give me a link to that corrupted MIB?
I think it is worth reproducing and reporting upstream.


Re: buffer overflow with php

Unfortunately, it is a third-party vendor MIB that is not publicly available. However, I have reported the issue to them. Thanks again for your time.
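
Added example (not from the thread and not net-snmp's own code): one way to find which MIB file triggers the abort seen in the backtrace, by loading each file alone in a child process and checking whether the loader was killed by a signal. It assumes the loader command honours net-snmp's `MIBS`, `MIBFILES` and `MIBDIRS` environment variables; `MIB_LOADER`, `probe_mib` and `find_bad_mibs` are names chosen here, and `php -v` can be used as the loader on a system like the poster's, where snmp.so calls `init_snmp` at startup.

```shell
#!/bin/sh
# Added example: isolate the MIB file that makes net-snmp abort at init.
# Assumption: MIB_LOADER is any command that initialises net-snmp from the
# MIBS/MIBFILES/MIBDIRS environment; "snmptranslate -Tp" is the default here.
MIB_LOADER=${MIB_LOADER:-"snmptranslate -Tp"}

# probe_mib FILE SEARCH_PATH
# Load exactly one MIB file in a child process (MIBS is emptied so that no
# default modules are pulled in). Returns 0 if the loader survived, even
# with parse errors, and 1 if it was killed by a signal; the SIGABRT raised
# by the "buffer overflow detected" check appears as exit status 134.
probe_mib() {
    status=0
    ( MIBS= MIBFILES="$1" MIBDIRS="$2" $MIB_LOADER >/dev/null 2>&1 ) \
        || status=$?
    [ "$status" -le 128 ]
}

# find_bad_mibs DIR...
# Print every regular file in the given MIB directories whose load kills
# the loader. Returns 0 when at least one such file was found, 1 otherwise.
find_bad_mibs() {
    # Colon-joined directory list so imports can still be resolved.
    search_path=$(IFS=:; printf '%s' "$*")
    found=1
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if ! probe_mib "$f" "$search_path"; then
                printf '%s\n' "$f"
                found=0
            fi
        done
    done
    return "$found"
}

# Scan only when directories are given on the command line, e.g.
#   sh find_bad_mibs.sh /usr/share/snmp/mibs
if [ "$#" -gt 0 ]; then
    find_bad_mibs "$@"
fi
```

A file that imports the faulty module can be flagged as well, because resolving the import parses the faulty file; the flagged file that nothing else depends on is the one to move out of the MIB directory first.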