Month of PHP bugs and extensions.ini “magic” order madness


Just came across this while tracking down the cause of frequent Apache crashes on one of the development boxes running FreeBSD. The default installation of PHP from FreeBSD’s ports includes the Suhosin patch, which aims to harden PHP. Well, it’s good to have good people looking after the security of PHP.

The Month of PHP Bugs

“formerly known as March”

"This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team." - Month of PHP bugs.

ERROR MESSAGES IN APACHE ERRORLOG

Exact errorlog from the box.


PHP Notice:  Constant FORCE_GZIP already defined in Unknown on line 0
PHP Notice:  Constant FORCE_DEFLATE already defined in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - readgzfile in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzrewind in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzclose in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzeof in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzgetc in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzgets in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzgetss in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzread in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzopen in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzpassthru in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzseek in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gztell in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzwrite in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzputs in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzfile in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzcompress in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzuncompress in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzdeflate in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzinflate in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - gzencode in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - ob_gzhandler in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - zlib_get_coding_type in Unknown on line 0
PHP Warning:  zlib:  Unable to register functions, unable to load in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_SSL_CLIENT already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_SSL_SERVER already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_NS_SSL_SERVER already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_SMIME_SIGN already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_SMIME_ENCRYPT already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_CRL_SIGN already defined in Unknown on line 0
PHP Notice:  Constant X509_PURPOSE_ANY already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_DETACHED already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_TEXT already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOINTERN already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOVERIFY already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOCHAIN already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOCERTS already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOATTR already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_BINARY already defined in Unknown on line 0
PHP Notice:  Constant PKCS7_NOSIGS already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_PKCS1_PADDING already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_SSLV23_PADDING already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_NO_PADDING already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_PKCS1_OAEP_PADDING already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_KEYTYPE_RSA already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_KEYTYPE_DSA already defined in Unknown on line 0
PHP Notice:  Constant OPENSSL_KEYTYPE_DH already defined in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_free in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_new in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_export in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_export_to_file in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_get_private in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkey_get_public in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_free_key in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_get_privatekey in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_get_publickey in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_read in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_free in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_parse in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_checkpurpose in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_check_private_key in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_export in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_x509_export_to_file in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_csr_new in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_csr_export in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_csr_export_to_file in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_csr_sign in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_sign in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_verify in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_seal in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_open in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkcs7_verify in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkcs7_decrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkcs7_sign in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_pkcs7_encrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_private_encrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_private_decrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_public_encrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_public_decrypt in Unknown on line 0
PHP Warning:  Function registration failed - duplicate name - openssl_error_string in Unknown on line 0
PHP Warning:  openssl:  Unable to register functions, unable to load in Unknown on line 0
[Tue Mar 06 10:16:02 2007] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 06 10:16:02 2007] [notice] Digest: done
[Tue Mar 06 10:16:03 2007] [notice] Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 configured -- resuming normal operations
[Tue Mar 06 10:17:34 2007] [notice] caught SIGTERM, shutting down
httpd in free(): error: junk pointer, too high to make sense

SOLUTIONS

A) The first 2 errors were simple. They were due to the same module being loaded twice.

PHP Warning: zlib: Unable to register functions, unable to load in Unknown on line 0
PHP Warning: openssl: Unable to register functions, unable to load in Unknown on line 0

Just comment out the lines below in /usr/local/etc/php/extensions.ini.
#extension=zlib.so
#extension=openssl.so
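
A diagnostic sketch for the fix above, added here and not part of the original post: it pulls the module names out of the "Unable to register functions" warnings and lists the active extension= lines that load them, plus any extension named on more than one line. The sample log and ini content are constructed, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post); sample data below is constructed.

# Modules PHP refused to load, taken from "<name>: Unable to register functions".
failed_modules() {  # $1 = Apache error log
    sed -n 's/^PHP Warning:  *\([A-Za-z0-9_]*\):  *Unable to register functions, unable to load.*/\1/p' "$1" | sort -u
}

# Active (uncommented) extension= lines that load one of those modules.
suspect_ini_lines() {  # $1 = error log, $2 = extensions.ini
    for mod in $(failed_modules "$1"); do
        grep -n "^[[:space:]]*extension[[:space:]]*=[[:space:]]*${mod}\.so" "$2" || :
    done
}

# Extensions named on more than one active line of the ini file.
duplicate_ini_entries() {  # $1 = extensions.ini
    sed -n 's/^[[:space:]]*extension[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" | sort | uniq -d
}

# Constructed sample input, modelled on the log lines quoted in the post.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE_LOG="$WORK/error.log"
SAMPLE_INI="$WORK/extensions.ini"
cat > "$SAMPLE_LOG" <<'EOF'
PHP Warning:  Function registration failed - duplicate name - gzopen in Unknown on line 0
PHP Warning:  zlib:  Unable to register functions, unable to load in Unknown on line 0
PHP Notice:  Constant PKCS7_TEXT already defined in Unknown on line 0
PHP Warning:  openssl:  Unable to register functions, unable to load in Unknown on line 0
EOF
cat > "$SAMPLE_INI" <<'EOF'
extension=session.so
extension=zlib.so
extension=openssl.so
extension=mysql.so
extension=mysql.so
#extension=recode.so
EOF

echo "modules that failed to load:"; failed_modules "$SAMPLE_LOG"
echo "ini lines to review:";          suspect_ini_lines "$SAMPLE_LOG" "$SAMPLE_INI"
echo "extensions listed twice:";      duplicate_ini_entries "$SAMPLE_INI"
```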

B) The second error looks unfamiliar and odd.

httpd in free(): error: junk pointer, too high to make sense

There were discussions on the need to have session early in the list of extensions to be loaded. WTF?! Some sort of voodoo? But hey! It works! Duh!
Rearranging my extensions.ini in this “magic” order silences the error log.


extension=recode.so
extension=mysql.so
extension=sockets.so

The error log is fine now and no more apache crashes.


[Tue Mar 06 10:17:39 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 06 10:17:42 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 06 10:17:42 2007] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 06 10:17:42 2007] [notice] Digest: done
[Tue Mar 06 10:17:43 2007] [notice] Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 configured -- resuming normal operations

THOUGHT OF THE DAY

What can I say? Living on the edge of the modern computing world, I shall burn some joss sticks and pray for my boxes to be operational!
