Report: php5 segfault cause of stack overflow

  • Hi, this is more a report than a support question. I don’t need help.
    We got segfault from php5-fpm (fastcgi) behind a nginx and researched what’s going on.
    If the browser sends the cookie wordpress_logged_in_[HASH], then there was the segfault. This cookie was expired. Tracing the function calls within wp shows us a recursion loop. This ends up in an stack overflow. Yes, this is wrong on many levels.

    Here is a function trace and the reason, I write these message.

    wp-includes/pluggable.php: wp_validate_auth_cookie() -> action:auth_cookie_expired

    better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php: action:auth_cookie_expired -> auth_cookie_expired()

    better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php: auth_cookie_expired() -> wp_clear_auth_cookie()

    wp-includes/pluggable.php: wp_clear_auth_cookie() -> get_current_user_id()

    wp-includes/user.php: get_current_user_id() -> wp_get_current_user() -> _wp_get_current_user()

    wp-includes/user.php: _wp_get_current_user() -> filter:determine_current_user

    wp-includes/default-filters.php: filter:determine_current_user -> wp_validate_logged_in_cookie()

    wp-includes/user.php: wp_validate_logged_in_cookie() -> wp_validate_auth_cookie()

    Have fun, bye..

Viewing 6 replies - 1 through 6 (of 6 total)

  • Nick you did more research than we did, but here’s our report of the same problem (which we intended to submit until finding your report and trace):

    Since upgrading to WordPress 4.8 (across a small family of related websites) we have found frequent problems where a logged-in user comes back to the site and sees

    Service Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
    Apache/2.4.10 (Debian) Server at {sitename.com} Port 443

    If iThemes security is deactivated, if the user tries a different browser, or the user clears all cookies for the site in question, then the user can browse and login to that site. We’re seeing it on all our sites, including ones that are exclusively http and exclusively https. Activating and deactivating other plugins does not affect matters: only iThemes security.

    The Apache2 site-error.log file shows entries like:

    [Thu Jun 22 17:21:18.368894 2017] [proxy_fcgi:error] [pid 18999:tid 139716653393664] [client {a.b.c.d}:21655] AH01067: Failed to read FastCGI header
    [Thu Jun 22 17:21:18.368930 2017] [proxy_fcgi:error] [pid 18999:tid 139716653393664] (104)Connection reset by peer: [client {a.b.c.d}:21655] AH01075: Error dispatching request to :

    And /var/log/kern.log shows a corresponding entry:

    Jun 22 17:21:18 webserver kernel: [6662139.037544] php5-fpm[21053]: segfault at 7ffd51345ff8 ip 00000000007012cf sp 00007ffd51346000 error 6 in php5-fpm[400000+802000]

    So something sent in the cookie triggers iThemes doing something which causes a segfault in php5-fpm.

    Any help would be appreciated!

    Note, of course, that we’re running Apache rather than nginx, but both running php5-fpm / fastcgi.

    @aboutnick & @menken

    This is known bug that has already been fixed in the Pro 4.0.0 release.

    Bug Fix: Fixed an infinite loop that could occur when expiring a cookie and Hide Backend is enabled.

    It is almost 4 months ago the free plugin was last updated so I expect an update any moment.

    If you can’t wait for the next update to the free plugin to be released the issue can also be fixed manually. It only requires a simple change in one of the Hide Backend methods which is located inside the better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php file.

    @pronl, could you please specify the simple change required?

    Would anyone be able to suggest the “simple change” that @pronl mentioned? It’s certainly a lot simpler if you know which line number to look for and what to change.

    This was exactly the same issue I had: upgraded to 4.8 and didn’t update iThemes Security. Had the segmentation fault thrown when wordpress_logged_in was expired. Updating the plugin fixed this issue for me.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Report: php5 segfault cause of stack overflow’ is closed to new replies.