[wp-hackers] canary mismatch on efree() - heap overflow detected
hovenko at linpro.no
Thu Aug 2 15:06:09 GMT 2007
I get the following in my Apache error log.
Aug 2 16:28:20 beta suhosin: ALERT - canary mismatch on efree() - heap
overflow detected (attacker '127.0.0.1',
file '/some/dir/wordpress/wp-includes/kses.php', line 518)
This makes mod_php and Apache crash, and the only "fix" I have found so far is
to restart apache (apachectl graceful) every 15 minutes with cron.
This error happened some times during the summer. We got many visitors on the
website today. So far I have noticed crashes 4 or 5 times today.
The first time the error appeared was one month ago, when switching from one
server to another (Linux -> FreeBSD). I upgraded all FreeBSD ports that time.
Don't know if it is a bug in the Suhosin patch, PHP or WordPress. Line 518 in
kses.php doesn't look bad to me. I will try breaking up that line into
multiple lines, with only one function call on each line. I'll report back
when I notice another crash after the change.
== Log details ==
The IP address 127.0.0.1 in the log is my proxy-server.
Line 518 in kses.php looks like this:
return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
The function in WordPress that gets executed on line 518 (wp_filter_kses) is
connected to the filters "pre_comment_content" and "title_save_pre". I guess
it happens only when users post comments or write posts.
== Server info ==
Server: FreeBSD 6.2-RELEASE
with Suhosin-Patch 0.9.6.2 (cli) (built: Jul 6 2007 22:13:03)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with XCache v1.2.0, Copyright (c) 2005-2006, by mOo
System developer mob: +47 986 71 700
Linpro AS http://www.linpro.no/
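
The alert quoted in the message is raised when a block is freed, which need not be the place where the overflow was written. A minimal canary-guarded allocator showing that gap between corruption and detection follows; it is an added example, not part of the original post and not Suhosin's or PHP's code, and `guard_alloc`, `guard_free`, `demo` and the canary value are hypothetical names and constants chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xC0FFEE11u /* constructed value; a real allocator would randomize it */

/* Block layout: [size][front canary][user data ...][trailing canary] */
typedef struct { size_t size; uint32_t front; } guard_hdr;

void *guard_alloc(size_t n) {
    unsigned char *raw = malloc(sizeof(guard_hdr) + n + sizeof(uint32_t));
    if (!raw) return NULL;
    guard_hdr *h = (guard_hdr *)raw;
    uint32_t c = CANARY;
    h->size = n;
    h->front = c;
    memcpy(raw + sizeof(guard_hdr) + n, &c, sizeof c); /* trailing canary */
    return raw + sizeof(guard_hdr);
}

/* Returns 0 if both canaries are intact (block freed),
 * -1 if either was overwritten (block left allocated for inspection). */
int guard_free(void *p) {
    if (!p) return 0;
    unsigned char *user = p;
    guard_hdr *h = (guard_hdr *)(user - sizeof(guard_hdr));
    uint32_t tail;
    memcpy(&tail, user + h->size, sizeof tail);
    if (h->front != CANARY || tail != CANARY) return -1;
    free(h);
    return 0;
}

/* Writes write_len bytes into an 8-byte block, then frees it. */
int demo(size_t write_len) {
    if (write_len > 8 + sizeof(uint32_t)) return -2; /* stay inside the real allocation */
    char *buf = guard_alloc(8);
    if (!buf) return -2;
    memset(buf, 'A', write_len);  /* the overflow, if any, happens here... */
    int rc = guard_free(buf);     /* ...but is only noticed here */
    if (rc != 0) free(buf - sizeof(guard_hdr)); /* demo cleanup only */
    return rc;
}

int main(void) {
    printf("write 8 bytes: %d, write 9 bytes: %d\n", demo(8), demo(9));
    return 0;
}
```

The file and line in such an alert therefore identify the call that released the block; the write that damaged the canary can be anywhere the block was used before that point.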