Bug#508021: [php-maint] Bug#508021: Bug#508021: php apache/2 SAPI php_getuid() overload

Mon, 08 Dec 2008 15:57:57 -0800 

Hey,

2008/12/7 sean finney <[EMAIL PROTECTED]>:
> hiya,
>
> On Sat, Dec 06, 2008 at 06:25:44PM -0600, Raphael Geissert wrote:
>> [1]http://securityreason.com/achievement_securityalert/59
>> [2]http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u
>> http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u
>
> the first patch in [2] is for the apache 1.x sapi, which isn't currently
> relevant for lenny/sid, though it is for etch which still has the 1.x sapi
> built.

Didn't see it was against the apache 1.x SAPI; although it is useful
for etch anyway :)

>
> it looks like the api between 1.x and 2.x is quite different, so do
> you think it's safe to assume that only the second one is needed for
> lenny/sid?  i looked in the CVS commit list around that date and didn't
> see any other changes for this issue, at least.
>

Yeah, I think it is the only one we need for lenny/sid.

>From apache2handler/sapi_apache2.c:
> static int php_handler(request_rec *r)
> {
[...]
>        /* apply_config() needs r in some cases, so allocate server_context 
> early */
>        ctx = SG(server_context);
>        if (ctx == NULL || (ctx && ctx->request_processed && 
> !strcmp(r->protocol, "INCLUDED"))) {
normal:
>                ctx = SG(server_context) = apr_pcalloc(r->pool, sizeof(*ctx));
>                /* register a cleanup so we clear out the SG(server_context)
>                 * after each request. Note: We pass in the pointer to the
>                 * server_context in case this is handled by a different 
> thread.
>                 */
[...]
> zend_first_try {
[...]

php_handler sounds like apache2handler's equiv of apache's php_run
(which is where the other patch was applied). So it looks fine
(although I'm not familiar at all with apache's SAPI-related stuff).


>
>        sean
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iD8DBQFJPFltynjLPm522B0RAg81AJ9dxW/NAdxqIiYqmo/STUBZhpFu6ACcCvHO
> +x4AnUNcSatjf3Glxy9vmlM=
> =pfXj
> -----END PGP SIGNATURE-----
>


Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Marie von Ebner-Eschenbach  - "Even a stopped clock is right twice a day."



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to