[ZendTo] Re: Large Files and Rebuilding libphp5.so

Brian Ott Brian.Ott at oicr.on.ca
Thu Jan 5 18:05:10 GMT 2012


On Thu, Jan 05, 2012 at 03:54:49PM +0000, Jules wrote:
> 
> 
> On 05/01/2012 15:30, Brian Ott wrote:
> > On Thu, Jan 05, 2012 at 09:07:52AM +0000, Jules wrote:
> >> On 04/01/2012 22:29, Brian Ott wrote:
> >>> Hey Jules,
> >>>
> >>> As a test I went ahead and followed these steps:
> >>> http://zend.to/phpfix.php
> >>>
> >>> I started from fresh; the only thing I did NOT do was alter the fix:
> >>>
> >>> perl -i -pe 's/int zend_atoi/long zend_atoi/' Zend/zend_operators.[ch];
> >>> perl -i -pe 's/\n/@@@@@@/g' Zend/zend_operators.c;
> >>> perl -i -pe 's/(long zend_atoi.*?)int retval/$1long retval/m' Zend/zend_operators.c;
> >>> perl -i -pe 's/@@@@@@/\n/g' Zend/zend_operators.c;
> >>> perl -i -pe 's/atoi\(content_length\)/atol(content_length)/' `find sapi -name '*.c'`
> >>> perl -i -pe 's/\(uint\)( SG\(request_info\))/$1/' `find sapi -name '*.c'`;
> >>> perl -i -pe 's/uint post_data_length, raw/uint IGNORE_post_data_length, IGNORE_raw/' main/SAPI.h;
> >>> perl -i -pe 's/} sapi_request_info/\tlong post_data_length, raw_post_data_length;\n} sapi_request_info/' main/SAPI.h;
> >>> perl -i -pe 's/int read_post_bytes/long read_post_bytes/' main/SAPI.h;
> >>> perl -i -pe 's/int boundary_len *= *0, *total_bytes *= *0/long total_bytes=0; int boundary_len=0/' main/rfc1867.c;
> >>> perl -i -pe 's/int max_file_size *= *0,/long max_file_size = 0; int /' main/rfc1867.c;
> >>>
> >>> I left that part out to make sure it wasn't something with Debian's
> >>> version of PHP. Anyways I ran through and everything worked. I copied
> >>> over the libphp5.so file and tried to dropoff a file, everything went
> >>> well except of course the 4G file I uploaded failed.
> >> Well it would. You've just built the file you already had.
> >>> So I suspect something within these edits is the problem, I remember
> >>> someone once asked you on this list before where you got this and you
> >>> said to check Google. I tried looking but with no success. I'm going
> >>> to try and do it manually and see what happens.
> >> It's possible the PHP source has changed again so one of the patterns is
> >> failing to match. Exactly what version of PHP are you trying to do it
> >> with? Does Ubuntu use the same version now?
> >>
> >> Jules.
> > I just checked: Ubuntu 10.10 uses PHP5 5.3.3
> > Ubuntu 10.04 uses PHP5 5.3.2
> > Ubuntu 11.04 uses PHP5 5.3.5
> >
> > Debian 6 (Squeeze) uses PHP5 5.3.3
> >
> > So in theory the notes for Ubuntu 10 should be dead on accurate.
> But only for 10.04 and not 10.10. Sounds like the code has changed since 
> 5.3.2. I *might* get around to taking a look at this problem at the 
> weekend. I'll need to install an Ubuntu 11.04 box to build it with.
> 
> Jules
I think I've found the issue: 

Applying patch CVE-2011-2202.patch
patching file main/rfc1867.c

Debian has a patch that rewrites the rfc1867 file that we alter. I'm
going to edit that file and do a rebuild and let you know how it goes.

> 
> -- 
> Julian Field MEng CITP CEng
> www.Zend.To
> 
> Follow me at twitter.com/JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 'It's okay to live without all the answers' - Charlie Eppes, 2011
> 'All programs have a desire to be useful' - Tron, 1982
> 'That is the land of lost content,
>   I see it shining plain,
>   The happy highways where I went,
>   And cannot come again.' - A.E. Houseman
> 
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

-- 
Brian Ott
Unix System Administrator

Ontario Institute for Cancer Research
MaRS Centre, South Tower
101 College Street, Suite 800
Toronto, Ontario, Canada M5G 0A3

Telephone:	647-260-7977
Email:		brian.ott at oicr.on.ca
www.oicr.on.ca
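
The concern raised in the thread, that one of the patterns may be failing to match, can be checked before rebuilding, because `perl -i -pe` exits successfully whether or not a substitution applied. The following is an added example, not part of the original messages or of the ZendTo instructions: a shell function that greps the source tree for the left-hand side of the quoted substitutions (the multi-line `retval` and `(uint)` cast patterns are left out). The names `check_anchors` and `make_sample_tree` are hypothetical, and the sample tree is constructed, not real PHP source.

```shell
#!/bin/sh
# Added example: report which left-hand patterns of the quoted perl
# substitutions have nothing to match in a given source tree.

# check_anchors SRC: prints unmatched anchors to stderr and returns how
# many were missing (0 means every pattern still has a match).
check_anchors() {
    src=$1
    missing=0
    # Each line is path|ERE, copied from the left side of a quoted s/// command.
    while IFS='|' read -r path pat; do
        if ! grep -rEq -e "$pat" "$src/$path" 2>/dev/null; then
            echo "NO MATCH: $path: $pat" >&2
            missing=$((missing + 1))
        fi
    done <<'EOF'
Zend/zend_operators.c|int zend_atoi
Zend/zend_operators.h|int zend_atoi
sapi|atoi\(content_length\)
main/SAPI.h|uint post_data_length, raw
main/SAPI.h|[}] sapi_request_info
main/SAPI.h|int read_post_bytes
main/rfc1867.c|int boundary_len *= *0, *total_bytes *= *0
main/rfc1867.c|int max_file_size *= *0,
EOF
    return "$missing"
}

# make_sample_tree DIR RFC_DECL: constructed miniature tree for the demo;
# RFC_DECL is the declaration line written into main/rfc1867.c.
make_sample_tree() {
    mkdir -p "$1/Zend" "$1/sapi/demo" "$1/main"
    echo 'int zend_atoi(const char *str, int str_len) { int retval; }' \
        > "$1/Zend/zend_operators.c"
    echo 'int zend_atoi(const char *str, int str_len);' \
        > "$1/Zend/zend_operators.h"
    echo 'n = atoi(content_length);' > "$1/sapi/demo/demo.c"
    printf '%s\n' 'typedef struct {' \
        '    uint post_data_length, raw_post_data_length;' \
        '} sapi_request_info;' 'int read_post_bytes;' > "$1/main/SAPI.h"
    printf '%s\n' "$2" 'int max_file_size = 0, skip_upload = 0;' \
        > "$1/main/rfc1867.c"
}
```

Run `check_anchors` against the unpacked source after the distribution's own patches have been applied, since those are what the substitutions actually operate on.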




