[wp-hackers] canary mismatch on efree() - heap overflow detected

Knut-Olav Hoven hovenko at linpro.no
Thu Aug 2 15:06:09 GMT 2007

I get the following in my Apache error log.

Aug  2 16:28:20 beta suhosin[49368]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '', file '/some/dir/wordpress/wp-includes/kses.php', line 518)

This makes mod_php and Apache crash, and the only "fix" I have found so far is 
to restart Apache (apachectl graceful) every 15 minutes with cron.

This error happened some times during the summer. We got many visitors on the 
website today. So far I have noticed crashes 4 or 5 times today.

The first time the error appeared was one month ago, when switching from one 
server to another (Linux -> FreeBSD). I upgraded all FreeBSD ports at that time.

Don't know if it is a bug in the Suhosin patch, PHP or WordPress. Line 518 in 
kses.php doesn't look bad to me. I will try breaking up that line into 
multiple lines, with only one function call on each line. I'll report back 
when I notice another crash after the change.

== Log details ==

The IP address in the log is my proxy-server.

Line 518 in kses.php looks like this:
 return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );

The function in WordPress that gets executed on line 518 (wp_filter_kses) is 
connected to the filters "pre_comment_content" and "title_save_pre". I guess 
it happens only when users post comments or write posts.

== Server info ==

Server: FreeBSD 6.2-RELEASE
Apache: 1.3.37

PHP: 5.2.3
with Suhosin-Patch (cli) (built: Jul  6 2007 22:13:03)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with XCache v1.2.0, Copyright (c) 2005-2006, by mOo

Knut-Olav Hoven
Systemutvikler               mob: +47 986 71 700
Linpro AS                    http://www.linpro.no/
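
Added example, not part of the original post: a small triage script that parses Suhosin ALERT lines in the format quoted above and counts heap-canary alerts per reported file and line. The function names are hypothetical, and every sample log line other than the first is constructed for illustration.

```python
import re
from collections import Counter

# Suhosin syslog alert shape, taken from the line quoted in the post:
#   suhosin[PID]: ALERT - <message> (attacker 'IP', file 'PATH', line N)
# The ", line N" part is treated as optional.
ALERT_RE = re.compile(
    r"suhosin\[(?P<pid>\d+)\]: ALERT - (?P<msg>.*?) "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'"
    r"(?:, line (?P<line>\d+))?\)"
)

def parse_alerts(text):
    """Return one dict per Suhosin ALERT line found in text."""
    alerts = []
    for raw in text.splitlines():
        m = ALERT_RE.search(raw)
        if not m:
            continue  # not a Suhosin alert
        a = m.groupdict()
        a["pid"] = int(a["pid"])
        a["line"] = int(a["line"]) if a["line"] else None
        # Heap canary failures are the alerts that precede the crashes.
        a["heap_canary"] = a["msg"].startswith("canary mismatch")
        alerts.append(a)
    return alerts

def canary_sites(alerts):
    """Count heap-canary alerts per (file, line) reported by Suhosin."""
    return Counter((a["file"], a["line"]) for a in alerts if a["heap_canary"])

# Sample input: the first line is the alert from the post (unwrapped);
# the remaining lines are constructed.
SAMPLE_LOG = """\
Aug  2 16:28:20 beta suhosin[49368]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '', file '/some/dir/wordpress/wp-includes/kses.php', line 518)
Aug  2 16:41:02 beta suhosin[49512]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/some/dir/wordpress/wp-includes/kses.php', line 518)
Aug  2 16:45:10 beta httpd: unrelated line
Aug  2 16:50:33 beta suhosin[49600]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '192.0.2.11', file '/some/dir/wordpress/wp-settings.php', line 10)
"""

if __name__ == "__main__":
    for (path, line), n in canary_sites(parse_alerts(SAMPLE_LOG)).most_common():
        print(f"{n:3d}  {path}:{line}")
```

The file and line in a canary alert are where efree() found the damaged canary, which is not necessarily where the overwrite took place, so a count concentrated on one site shows where the corruption is noticed rather than where it originates.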
