
Suhosin canary mismatch in Smarty.class.php

 
RichardLynch
Smarty n00b


Joined: 28 Jul 2008
Posts: 3

Posted: Mon Jul 28, 2008 2:35 am    Post subject: Suhosin canary mismatch in Smarty.class.php

I'm migrating some code for a friend to a new server.

She was running 2.6.2.

I've also tried 2.6.19.

In both cases, I get this in the log:

ALERT - canary mismatch on efree() - heap overflow detected (attacker 'w.x.y.z', file '...Smarty-2.6.19/libs/Smarty.class.php', line 1961)

Note that the file only has 1960 lines in it.

(In the case of 2.6.2, the number was different, but not the principle.)

Google tells me that the Suhosin patch is detecting a heap overflow and conking out.

This particular webhost has the php.ini memory_limit set to a rather generous 100M, so I'm pretty sure this is not a spurious error from lack of heap/RAM in general.

Any ideas?


Last edited by RichardLynch on Wed May 05, 2010 10:58 pm; edited 1 time in total
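As an added illustration (not part of the thread, and not Suhosin's or PHP's code): a minimal sketch of the general canary-checked-on-free technique that the alert message names, showing that a bad write is only noticed when the block is released, so the reported location is where the free ran rather than where the write happened. `guarded_alloc`, `guarded_free`, `write_then_free` and the `CANARY` value are hypothetical names made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard value; a hardened allocator would use random per-process canaries. */
#define CANARY 0xC0FFEE5Au

typedef struct { uint32_t front; size_t size; } hdr_t;

/* Return `size` usable bytes framed by a canary in the header and one after the data. */
void *guarded_alloc(size_t size) {
    unsigned char *raw = malloc(sizeof(hdr_t) + size + sizeof(uint32_t));
    uint32_t tail = CANARY;
    if (!raw) return NULL;
    ((hdr_t *)raw)->front = CANARY;
    ((hdr_t *)raw)->size = size;
    memcpy(raw + sizeof(hdr_t) + size, &tail, sizeof tail);
    return raw + sizeof(hdr_t);
}

/* Check both canaries, then release. Returns 0 if intact, -1 on mismatch.
   The check happens here, so this is the location an alert would report. */
int guarded_free(void *p) {
    hdr_t *h = (hdr_t *)((unsigned char *)p - sizeof(hdr_t));
    uint32_t tail = 0;
    int ok = (h->front == CANARY);
    if (ok) {  /* size is only trustworthy if the front canary survived */
        memcpy(&tail, (unsigned char *)p + h->size, sizeof tail);
        ok = (tail == CANARY);
    }
    free(h);
    return ok ? 0 : -1;
}

/* Write `n` bytes into an 8-byte block; n > 8 spills into the trailing canary
   (still inside the underlying malloc block, so the demo itself is well-defined). */
int write_then_free(size_t n) {
    unsigned char *buf = guarded_alloc(8);
    if (!buf || n > 8 + sizeof(uint32_t)) { if (buf) guarded_free(buf); return -2; }
    memset(buf, 'A', n);      /* the bad write goes unnoticed at this point */
    return guarded_free(buf); /* ...and is only detected on release */
}

int main(void) {
    printf("8 bytes: %d\n", write_then_free(8));
    printf("9 bytes: %d\n", write_then_free(9));
    return 0;
}
```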
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

Posted: Fri Aug 01, 2008 3:25 am

Never seen that or used the Suhosin patch. What OS, PHP and PCRE versions are installed? I'm really just guessing about the PCRE, but I do remember some issues arising on later PHP builds that required PCRE settings to be adjusted to accommodate for some of Smarty's regexes (maybe search the forums to see what I mean). I haven't logged in here in a while and it may be some time again so I apologize in advance for a lack of follow-ups. Good luck.
RichardLynch
Smarty n00b


Joined: 28 Jul 2008
Posts: 3

Posted: Sat Aug 02, 2008 2:06 am

[quote="boots"]Never seen that or used the Suhosin patch. What OS, PHP and PCRE versions are installed? I'm really just guessing about the PCRE, but I do remember some issues arising on later PHP builds that required PCRE settings to be adjusted to accommodate for some of Smarty's regexes (maybe search the forums to see what I mean). I haven't logged in here in a while and it may be some time again so I apologize in advance for a lack of follow-ups. Good luck.[/quote]

[indie@o15 ~]$ php -v
PHP 5.2.6 (cli) (built Jul 28 2008 15-11-06)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
[indie@o15 ~]$
[indie@o15 ~]$ php -i | grep -i PCRE
pcre
PCRE (Perl Compatible Regular Expressions) Support => enabled
PCRE Library Version => 7.6 2008-01-28
pcre.backtrack_limit => 100000 => 100000
pcre.recursion_limit => 100000 => 100000
[indie@o15 ~]$
[indie@o15 ~]$ uname -a
FreeBSD 7.0-STABLE FreeBSD 7.0-STABLE #1: Tue May 27 13:49:56 PDT 2008
i386
[indie@o15 ~]$


Last edited by RichardLynch on Wed May 05, 2010 10:58 pm; edited 1 time in total
RichardLynch
Smarty n00b


Joined: 28 Jul 2008
Posts: 3

Posted: Sat Aug 09, 2008 1:43 am

[quote="boots"]Never seen that or used the Suhosin patch. What OS, PHP and PCRE versions are installed? I'm really just guessing about the PCRE, but I do remember some issues arising on later PHP builds that required PCRE settings to be adjusted to accommodate for some of Smarty's regexes (maybe search the forums to see what I mean). I haven't logged in here in a while and it may be some time again so I apologize in advance for a lack of follow-ups. Good luck.[/quote]

You may be interested to know that Smarty is probably triggering an actual bug in the guts of PHP:
YOUR FORUM WILL NOT LET ME POST LINKS!
Use a secret decoder ring on this next bit:
http
forum DOT hardened-php DOT net
%2Fviewtopic.php%3Fpid%3D1594%23p1594

I doubt that I'll be able to get the webhost to install PHP --with-debug and generate a backtrace as outlined here:

http
bugs DOT php DOT net
%2Fbugs-generating-backtrace.php

But perhaps maybe you'll give it a shot.
All times are GMT