Skip to content


给PHP5.2.*打上Hash冲突漏洞补丁

PHP5.2.*通过构造Hash冲突可以实现拒绝服务攻击,针对此漏洞官方发布了PHP 5.3.9但不会为此发布PHP 5.2.18.
5.2.* 可以打上下面的patch来解决此问题.

https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars

目前已知的受影响的语言以及版本有::

Java, 所有版本

JRuby <= 1.6.5 PHP <= 5.3.8, <= 5.4.0RC3 Python, 所有版本 Rubinius, 所有版本 Ruby <= 1.8.7-p356 Apache Geronimo, 所有版本 Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22 Oracle Glassfish <= 3.1.1 Jetty, 所有版本 Plone, 所有版本 Rack, 所有版本 V8 JavaScript Engine, 所有版本 不受此影响的语言或者修复版本的语言有:: PHP >= 5.3.9, >= 5.4.0RC4

JRuby >= 1.6.5.1

Ruby >= 1.8.7-p357, 1.9.x

Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23

Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the main codeline and scheduled for a future CPU)

将php从5.2.14升级到5.2.17并打上补丁
下载patch
https://github.com/laruence/laruence.github.com/zipball/master

到之前的php编译目录

  1. cd src/lempelf/package/
  2. wget http://www.php.net/get/php-5.2.17.tar.gz/from/kr.php.net/mirror
  3. wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
  4.  
  5. tar zxvf php-5.2.17.tar.gz
  6. gzip -cd php-5.2.17-fpm-0.5.14.diff.gz |patch -d php-5.2.17 -p1
  1. patching file configure
  2. Hunk #7 succeeded at 110645 (offset 1324 lines).
  3. Hunk #9 succeeded at 119634 (offset 1324 lines).
  4. patching file configure.in
  5. patching file libevent/ChangeLog
  6. patching file libevent/Makefile.am
  7. patching file libevent/Makefile.in
  8. patching file libevent/README
  9. patching file libevent/aclocal.m4
  10. patching file libevent/autogen.sh
  11. patching file libevent/buffer.c
  12. patching file libevent/compat/sys/_time.h
  13. patching file libevent/compat/sys/queue.h
  14. patching file libevent/config.h.in
  15. patching file libevent/configure
  16. patching file libevent/configure.in
  17. patching file libevent/depcomp
  18. patching file libevent/devpoll.c
  19. patching file libevent/epoll.c
  20. patching file libevent/epoll_sub.c
  21. patching file libevent/evbuffer.c
  22. patching file libevent/event-config.h
  23. patching file libevent/event-fpm.h
  24. patching file libevent/event-internal.h
  25. patching file libevent/event.3
  26. patching file libevent/event.c
  27. patching file libevent/event.h
  28. patching file libevent/evhttp.h
  29. patching file libevent/evport.c
  30. patching file libevent/evsignal.h
  31. patching file libevent/evutil.c
  32. patching file libevent/evutil.h
  33. patching file libevent/http-internal.h
  34. patching file libevent/http.c
  35. patching file libevent/install-sh
  36. patching file libevent/kqueue.c
  37. patching file libevent/log.c
  38. patching file libevent/log.h
  39. patching file libevent/min_heap.h
  40. patching file libevent/missing
  41. patching file libevent/poll.c
  42. patching file libevent/select.c
  43. patching file libevent/signal.c
  44. patching file libevent/strlcpy-internal.h
  45. patching file libevent/strlcpy.c
  46. patching file main/php_config.h.in
  47. patching file sapi/cgi/Makefile.frag
  48. patching file sapi/cgi/cgi_main.c
  49. patching file sapi/cgi/config9.m4
  50. patching file sapi/cgi/fastcgi.c
  51. patching file sapi/cgi/fastcgi.h
  52. patching file sapi/cgi/fpm/Makefile.frag
  53. patching file sapi/cgi/fpm/acinclude.m4
  54. patching file sapi/cgi/fpm/conf/php-fpm.conf.in
  55. patching file sapi/cgi/fpm/config.m4
  56. patching file sapi/cgi/fpm/fpm.c
  57. patching file sapi/cgi/fpm/fpm.h
  58. patching file sapi/cgi/fpm/fpm_arrays.h
  59. patching file sapi/cgi/fpm/fpm_atomic.h
  60. patching file sapi/cgi/fpm/fpm_autoconf.h.in
  61. patching file sapi/cgi/fpm/fpm_children.c
  62. patching file sapi/cgi/fpm/fpm_children.h
  63. patching file sapi/cgi/fpm/fpm_cleanup.c
  64. patching file sapi/cgi/fpm/fpm_cleanup.h
  65. patching file sapi/cgi/fpm/fpm_clock.c
  66. patching file sapi/cgi/fpm/fpm_clock.h
  67. patching file sapi/cgi/fpm/fpm_conf.c
  68. patching file sapi/cgi/fpm/fpm_conf.h
  69. patching file sapi/cgi/fpm/fpm_config.h
  70. patching file sapi/cgi/fpm/fpm_env.c
  71. patching file sapi/cgi/fpm/fpm_env.h
  72. patching file sapi/cgi/fpm/fpm_events.c
  73. patching file sapi/cgi/fpm/fpm_events.h
  74. patching file sapi/cgi/fpm/fpm_php.c
  75. patching file sapi/cgi/fpm/fpm_php.h
  76. patching file sapi/cgi/fpm/fpm_php_trace.c
  77. patching file sapi/cgi/fpm/fpm_php_trace.h
  78. patching file sapi/cgi/fpm/fpm_process_ctl.c
  79. patching file sapi/cgi/fpm/fpm_process_ctl.h
  80. patching file sapi/cgi/fpm/fpm_request.c
  81. patching file sapi/cgi/fpm/fpm_request.h
  82. patching file sapi/cgi/fpm/fpm_shm.c
  83. patching file sapi/cgi/fpm/fpm_shm.h
  84. patching file sapi/cgi/fpm/fpm_shm_slots.c
  85. patching file sapi/cgi/fpm/fpm_shm_slots.h
  86. patching file sapi/cgi/fpm/fpm_signals.c
  87. patching file sapi/cgi/fpm/fpm_signals.h
  88. patching file sapi/cgi/fpm/fpm_sockets.c
  89. patching file sapi/cgi/fpm/fpm_sockets.h
  90. patching file sapi/cgi/fpm/fpm_stdio.c
  91. patching file sapi/cgi/fpm/fpm_stdio.h
  92. patching file sapi/cgi/fpm/fpm_str.h
  93. patching file sapi/cgi/fpm/fpm_trace.c
  94. patching file sapi/cgi/fpm/fpm_trace.h
  95. patching file sapi/cgi/fpm/fpm_trace_mach.c
  96. patching file sapi/cgi/fpm/fpm_trace_pread.c
  97. patching file sapi/cgi/fpm/fpm_trace_ptrace.c
  98. patching file sapi/cgi/fpm/fpm_unix.c
  99. patching file sapi/cgi/fpm/fpm_unix.h
  100. patching file sapi/cgi/fpm/fpm_worker_pool.c
  101. patching file sapi/cgi/fpm/fpm_worker_pool.h
  102. patching file sapi/cgi/fpm/init.d/php-fpm.in
  103. patching file sapi/cgi/fpm/xml_config.c
  104. patching file sapi/cgi/fpm/xml_config.h
  105. patching file sapi/cgi/fpm/zlog.c
  106. patching file sapi/cgi/fpm/zlog.h
  1. unzip laruence-laruence.github.com-43969a1.zip
  2. cd php-5.2.17
  3.  
  4. patch -p1 < ../laruence-laruence.github.com-43969a1/php-5.2-max-input-vars/php-5.2.17-max-input-vars.patch
  1. patching file configure
  2. Hunk #1 succeeded at 2176 (offset 11 lines).
  3. patching file configure.in
  4. patching file main/main.c
  5. patching file main/php_globals.h
  6. patching file main/php_variables.c
  7. patching file main/php_version.h

打好补丁,重编译一遍php

  1. ./configure --prefix=/opt/php-5.2.17p1 --with-config-file-path=/opt/php-5.2.17p1/etc --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap  --enable-xml --enable-zend-multibyte --disable-debug --disable-ipv6 
  2. make ZEND_EXTRA_LIBS='-liconv'
  3. make install
  4.  
  5. cd ../memcache-3.0.5
  6. make clean
  7. /opt/php-5.2.17p1/bin/phpize
  8. ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
  9. make
  10. make install
  11.  
  12. cd ../eaccelerator-0.9.6.1
  13. make clean
  14. /opt/php-5.2.17p1/bin/phpize
  15. ./configure --enable-eaccelerator=shared --with-php-config=/opt/php-5.2.17p1/bin/php-config
  16. make
  17. make install
  18.  
  19.  
  20. cd ../PDO_MYSQL-1.0.2
  21. make clean
  22. /opt/php-5.2.17p1/bin/phpize
  23. ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config --with-pdo-mysql=/opt/mysql
  24. make
  25. make install
  26.  
  27.  
  28. cd ../imagick-2.2.2/
  29. make clean
  30. /opt/php-5.2.17p1/bin/phpize
  31. ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
  32. make
  33. make install
  34.  
  35. #32位用下面
  36. cp ../ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
  37. #64位用下面
  38. cp ../ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
  39.  
  40.  
  41. mkdir -p /opt/php-5.2.17p1/eaccelerator_cache
  42. chown www:website /opt/php-5.2.17p1/eaccelerator_cache/
  43. chmod 770 /opt/php-5.2.17p1/eaccelerator_cache/
  44.  
  45. touch /opt/php-5.2.17p1/logs/php_error.log
  46. chown www:website /opt/php-5.2.17p1/logs/php_error.log
  47. chmod 770 /opt/php-5.2.17p1/logs/php_error.log
  48.  
  49. #升级pear (可选)
  50. /opt/php-5.2.17p1/bin/pear upgrade pear
  51. /opt/php-5.2.17p1/bin/pear install Benchmark Cache_Lite DB HTTP Mail Mail_Mime Net_SMTP Net_Socket Pager XML_Parser XML_RPC
  52.  
  53. cp -p /opt/php/etc/php.ini /opt/php-5.2.17p1/etc/
  54. cp -p /opt/php/etc/php-fpm.conf /opt/php-5.2.17p1/etc/
  55. chown root:website /opt/php-5.2.17p1/etc/*
  56. chmod 660 /opt/php-5.2.17p1/etc/*
  57.  
  58. /opt/php/sbin/php-fpm stop
  59. #删掉软连接,切换php
  60. rm /opt/php
  61. ln -s /opt/php-5.2.17p1/ /opt/php
  62. /opt/php/sbin/php-fpm start

注意phpfpm.conf,php.ini中的路径

找不到libmysqlclient.so.16

  1. ./conftest: error while loading shared libraries: libmysqlclient.so.16

echo /opt/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig -v

eAccelerator出错

  1. [eAccelerator] This build of “eAccelerator” was compiled for PHP version 5.2.14. Rebuild it for your PHP version (5.2.17p1) or download precompiled binaries.

重新编译eAccelerator

参考:
http://www.laruence.com/2011/12/29/2412.html

Posted in PHP, 安全, 安全通告.

Tagged with , .


No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.