Vulnerability Development mailing list archives

PHP


From: Ryan Yagatich <ryany () pantek com>
Date: Thu, 14 Nov 2002 09:38:14 -0500 (EST)

All,
        PHP has this function called 'ini_set' which allows the programmer 
to change certain values in /etc/php.ini for the current session without 
needing the privileges to modify the actual file. For example, one could 
use: 
        ini_set("memory_limit","10M");
 
to change the amount of memory available for PHP when executing scripts. 
(this limit, in my understanding, is so that the system doesn't run out of 
memory while code is executing.... kind of like the 30 seconds of 
execution limit). Usually if this limit is reached, in my experience, it 
is due to faulty code. 
        So, on the terms of faulty code, I was working with this database 
system using MySQL. I have a class called MySQL which performs basic 
functions, connect/disconnect/query, etc... I call on this class 
throughout my code, in particular the menuItem class. The menuItem class 
consists of 3 pieces, self (an associative array of fields), parent (a 
menuItem with parent information) and children (an array of menuItems for 
menu items immediately below this one). I have a function in an object 
called page, which calls on the menuItem to build a site map and a 
'breadcrumb' menu. During my testing, I accidentally specified some 
incorrect information for the query which made it return about 5 thousand 
rows of the table. The table consists of 10 different columns, some with 
'text' fields in addition to the varchar and int fields. 
        During the testing of this code PHP complained that it hit over 
the set limit of 8M of memory. So, since I was curious, I ran ini_set() to 
increase that to see how bad it really was. The system that I was on has 
about 512M of memory, so, me being curious set the memory limit to 10000M. 
I re-ran my code and of course it died. What was I expecting? I was 
expecting PHP to segfault because it can't handle it. See, in the past I 
have had infinite loops that have caused PHP to segfault, but in this case 
it was a different story. In this scenario Apache segfaulted and was not 
responding to any request to any page (via telnet connections). In fact, 
the only reason why I knew that anything was wrong was because our snips 
servers started paging us, telling us that the web service was down.
        Is it just me, or is that really not supposed to happen?


System Information:
        RedHat Linux 7.1 (all of the latest RedHat supplied updates)
        2.4.9-34
        Apache/1.3.22 (Unix)  (Red-Hat/Linux) 
           built:   Jun 19 2002 12:27:54
        
        PHP 4.1.2
          Zend Engine v1.1.1
        
        Mem:  525139968
        
Thanks,
Ryan Yagatich  <support () pantek com>
        Pantek, Incorporated
 (877) LINUX-FIX - (440) 519-1802
===================================
8C C2 F5 C0 58 FB D3 31 50 89 50 D9
BF ED 5D 47 53 8C 67 94 74 91 54 86
===================================
  Intelligence is the ability to
recognise the futility of attempts
to define such nebulous concepts as
         'intelligence'.
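
Added example, not part of the original post: a constructed mod_php fragment for httpd.conf showing the setting that lets a script raise memory_limit with ini_set(), as described above, beside the form that pins it. The directory paths are placeholders.

```apache
# Constructed httpd.conf fragment for mod_php; directory paths are placeholders.

# Weak: php_value only sets a default. Any script under this directory can
# still call ini_set("memory_limit", "10000M") and lift the 8M ceiling for
# its own request.
<Directory "/var/www/html/app-default">
    php_value memory_limit 8M
</Directory>

# Pinned: a directive set with php_admin_value cannot be overridden from
# .htaccess or by ini_set(), so the ceiling stays at 8M no matter what the
# script asks for. php_admin_value is only accepted in the main server
# configuration, not in .htaccess files.
<Directory "/var/www/html/app-pinned">
    php_admin_value memory_limit 8M
</Directory>

# Server-wide alternative, set in php.ini rather than here:
#   disable_functions = ini_set
# This removes ini_set() for every script, including applications that
# rely on it for unrelated settings, so the per-directory pin above is
# usually the narrower change.
```

With the pinned form in place, ini_set("memory_limit", ...) returns false and ini_get("memory_limit") keeps reporting 8M.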


