Operating system: Centos 5.5/Fedora 16
PHP version:      5.3.8
Package:          PDO related
Bug Type:         Bug
Bug description:pdo_dblib - Seg Fault error on user/pass exceeds 30 chars

Description:
------------
LIB: freetds-0.91-1
PHP: php 5.3.8
EXT: pdo_dblib from /ext folder of php 5.3.8 source
OS: Fedora 16/Centos 5

I was using pdo_dblib to connect to an MSSQL server db.  When the password
or username is longer than 30 chars, a segmentation fault occurs, crashing
PHP.

It would be ideal to instead throw the catchable error from freetds which
is "20042 Name too long for LOGINREC field (severity 2)"

The problem is that the code is not checking to make sure dbproc is not
NULL before processing the error info further.  In the case of the password
being longer than 30 chars it is NULL, which then causes the seg fault.

Test script:
---------------
<?php
// Password is 31 characters, one more than the 30-character limit.
$db = new PDO("dblib:host=someserver;", "uname",
'31charpasswordpasswordpasswordp');

Expected result:
----------------
20042 Name too long for LOGINREC field (severity 2)

Actual result:
--------------
segmentation fault

OUTPUT FROM gdb:
Program received signal SIGSEGV, Segmentation fault.
0x000000390502b0ff in __dcigettext () from /lib64/libc.so.6
(gdb) bt
#0  0x000000390502b0ff in __dcigettext () from /lib64/libc.so.6
#1  0x0000003905079b3c in strerror_r () from /lib64/libc.so.6
#2  0x000000390507997e in strerror () from /lib64/libc.so.6
#3  0x00002aaab26a6815 in ?? () from /usr/lib64/libsybdb.so.5
#4  0x00002aaab26a7aa9 in dbgetuserdata () from /usr/lib64/libsybdb.so.5
#5  0x00002aaab3bc2c59 in error_handler (dbproc=0x39051200a9,
severity=85066262, dberr=0, oserr=0, dberrstr=0x0, oserrstr=0x5 <Address
0x5 out of bounds>)
    at /home/ROSWELL/visco/php-5.3.8/ext/pdo_dblib/pdo_dblib.c:98



-- 
Edit bug report at https://bugs.php.net/bug.php?id=60512&edit=1
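
Added example (not part of the original report, and not the pdo_dblib or FreeTDS source): a self-contained C sketch of an error callback that checks dbproc for NULL before reading per-connection data, so the 20042 error is recorded instead of crashing. The mock_* names, err_info, global_err and guarded_error_handler are hypothetical stand-ins so it builds without FreeTDS.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins so this compiles without FreeTDS; every name here is hypothetical. */
typedef struct { int severity, dberr; char msg[128]; } err_info;
typedef struct { err_info *userdata; } mock_dbproc;   /* plays DBPROCESS */
#define MOCK_INT_CANCEL 2                             /* plays INT_CANCEL */
#define LOGINREC_FIELD_MAX 30                         /* limit from the report */

static err_info global_err;   /* used when no connection handle exists yet */

/* Plays dbgetuserdata(): dereferences its argument, so NULL must never reach it. */
static err_info *mock_getuserdata(mock_dbproc *p) { return p->userdata; }

/* Error callback that checks dbproc before touching per-connection state. */
int guarded_error_handler(mock_dbproc *dbproc, int severity, int dberr,
                          int oserr, const char *dberrstr, const char *oserrstr)
{
    err_info *einfo = &global_err;
    (void)oserr; (void)oserrstr;
    if (dbproc != NULL) {                       /* the check the report asks for */
        err_info *per_conn = mock_getuserdata(dbproc);
        if (per_conn != NULL) einfo = per_conn;
    }
    einfo->severity = severity;
    einfo->dberr = dberr;
    snprintf(einfo->msg, sizeof einfo->msg, "%d %s (severity %d)",
             dberr, dberrstr ? dberrstr : "unknown error", severity);
    return MOCK_INT_CANCEL;
}

/* Constructed login path: an over-long field fails before any connection
   exists, so the callback is invoked with dbproc == NULL. */
const char *mock_connect(const char *user, const char *pass)
{
    if (strlen(user) > LOGINREC_FIELD_MAX || strlen(pass) > LOGINREC_FIELD_MAX) {
        guarded_error_handler(NULL, 2, 20042, 0,
                              "Name too long for LOGINREC field", NULL);
        return global_err.msg;
    }
    return NULL;   /* no error raised */
}

int main(void)
{
    const char *err = mock_connect("uname", "31charpasswordpasswordpasswordp");
    puts(err ? err : "connected");
    return 0;
}
```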