[php-maint] Bug#554684: Bug#554684: Bug#554684: php5-pgsql: Suhosin alerts about heap overflows

Gunnar Wolf gwolf at gwolf.org
Tue Jan 12 13:38:05 UTC 2010 

tags 554684 + unreproducible
thanks

Ondřej Surý dijo [Tue, Jan 12, 2010 at 08:16:20AM +0100]:
> Gunnar,
> 
> do you think you can retest this bug with php5-pgsql from unstable?
> 
> Ie.
> (...)
> This should allow you to not upgrade whole php5 just the module. This
> could lead us if we need to look after the issue in SVN (and fix the
> unstable version as well) or if we just need to fix it in stable.

Hi,

Sadly, I cannot reproduce this anymore. Since November (precisely two
days before filing this bug), I have not logged any new similar
reports. 

I am tagging the bug as unreproducible. Just FWIW, here are all the
occurrences I got. Note they appear seemingly out of order, as I
separate the logs based on the virtualhost:

/var/log/apache2$ zcat *error*gz | grep ALERT 
[Tue Nov 03 07:05:43 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Wed Nov 04 06:25:21 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Sun Nov 01 01:04:52 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Tue Oct 20 02:24:29 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Thu Oct 22 02:24:27 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Wed Oct 14 13:06:30 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Fri Oct 16 12:25:27 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Fri Oct 16 21:04:43 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Sun Oct 18 09:05:15 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Mon Oct 19 06:04:32 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Wed Oct 07 02:05:13 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Sun Oct 11 08:24:50 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Mon Oct 12 03:04:59 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Tue Sep 29 10:04:44 2009] [error] [client 132.248.72.141] ALERT - linked list corrupt on efree() - heap corruption detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.inc', line 205)
[Fri Oct 02 04:05:05 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)
[Mon Oct 05 03:04:47 2009] [error] [client 132.248.72.141] ALERT - linked list corrupt on efree() - heap corruption detected (attacker '132.248.72.141', file '/usr/share/drupal6/modules/search/search.module', line 292)
[Mon Sep 28 06:05:04 2009] [error] [client 132.248.72.141] ALERT - linked list corrupt on efree() - heap corruption detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.inc', line 205)
[Tue Sep 29 01:05:02 2009] [error] [client 132.248.72.141] ALERT - linked list corrupt on efree() - heap corruption detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 138)
[Tue Aug 18 04:25:04 2009] [error] [client 132.248.72.141] ALERT - canary mismatch on erealloc() - heap overflow detected (attacker '132.248.72.141', file '/usr/share/drupal6/includes/database.pgsql.inc', line 364)


-- 
Gunnar Wolf • gwolf at gwolf.org • (+52-55)5623-0154 / 1451-2244

More information about the pkg-php-maint mailing list