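Patching PHP 5.2.* against the hash collision vulnerability

PHP 5.2.* is open to a denial-of-service attack through constructed hash collisions. In response to this vulnerability the PHP project released PHP 5.3.9, but it will not release a PHP 5.2.18 for it.
5.2.* can be fixed by applying the patch below.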

https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars

Languages and versions currently known to be affected:

Java, all versions

JRuby <= 1.6.5

PHP <= 5.3.8, <= 5.4.0RC3

Python, all versions

Rubinius, all versions

Ruby <= 1.8.7-p356

Apache Geronimo, all versions

Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22

Oracle Glassfish <= 3.1.1

Jetty, all versions

Plone, all versions

Rack, all versions

V8 JavaScript Engine, all versions

Languages that are not affected, or versions in which the issue is fixed:

PHP >= 5.3.9, >= 5.4.0RC4

JRuby >= 1.6.5.1

Ruby >= 1.8.7-p357, 1.9.x

Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23

Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the main codeline and scheduled for a future CPU)

Upgrading PHP from 5.2.14 to 5.2.17 and applying the patch

Download the patch:
https://github.com/laruence/laruence.github.com/zipball/master

Go to the directory where PHP was previously compiled:

cd src/lempelf/package/
wget -O php-5.2.17.tar.gz http://www.php.net/get/php-5.2.17.tar.gz/from/kr.php.net/mirror
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz

tar zxvf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz |patch -d php-5.2.17 -p1


patching file configure
Hunk #7 succeeded at 110645 (offset 1324 lines).
Hunk #9 succeeded at 119634 (offset 1324 lines).
patching file configure.in
patching file libevent/ChangeLog
patching file libevent/Makefile.am
patching file libevent/Makefile.in
patching file libevent/README
patching file libevent/aclocal.m4
patching file libevent/autogen.sh
patching file libevent/buffer.c
patching file libevent/compat/sys/_time.h
patching file libevent/compat/sys/queue.h
patching file libevent/config.h.in
patching file libevent/configure
patching file libevent/configure.in
patching file libevent/depcomp
patching file libevent/devpoll.c
patching file libevent/epoll.c
patching file libevent/epoll_sub.c
patching file libevent/evbuffer.c
patching file libevent/event-config.h
patching file libevent/event-fpm.h
patching file libevent/event-internal.h
patching file libevent/event.3
patching file libevent/event.c
patching file libevent/event.h
patching file libevent/evhttp.h
patching file libevent/evport.c
patching file libevent/evsignal.h
patching file libevent/evutil.c
patching file libevent/evutil.h
patching file libevent/http-internal.h
patching file libevent/http.c
patching file libevent/install-sh
patching file libevent/kqueue.c
patching file libevent/log.c
patching file libevent/log.h
patching file libevent/min_heap.h
patching file libevent/missing
patching file libevent/poll.c
patching file libevent/select.c
patching file libevent/signal.c
patching file libevent/strlcpy-internal.h
patching file libevent/strlcpy.c
patching file main/php_config.h.in
patching file sapi/cgi/Makefile.frag
patching file sapi/cgi/cgi_main.c
patching file sapi/cgi/config9.m4
patching file sapi/cgi/fastcgi.c
patching file sapi/cgi/fastcgi.h
patching file sapi/cgi/fpm/Makefile.frag
patching file sapi/cgi/fpm/acinclude.m4
patching file sapi/cgi/fpm/conf/php-fpm.conf.in
patching file sapi/cgi/fpm/config.m4
patching file sapi/cgi/fpm/fpm.c
patching file sapi/cgi/fpm/fpm.h
patching file sapi/cgi/fpm/fpm_arrays.h
patching file sapi/cgi/fpm/fpm_atomic.h
patching file sapi/cgi/fpm/fpm_autoconf.h.in
patching file sapi/cgi/fpm/fpm_children.c
patching file sapi/cgi/fpm/fpm_children.h
patching file sapi/cgi/fpm/fpm_cleanup.c
patching file sapi/cgi/fpm/fpm_cleanup.h
patching file sapi/cgi/fpm/fpm_clock.c
patching file sapi/cgi/fpm/fpm_clock.h
patching file sapi/cgi/fpm/fpm_conf.c
patching file sapi/cgi/fpm/fpm_conf.h
patching file sapi/cgi/fpm/fpm_config.h
patching file sapi/cgi/fpm/fpm_env.c
patching file sapi/cgi/fpm/fpm_env.h
patching file sapi/cgi/fpm/fpm_events.c
patching file sapi/cgi/fpm/fpm_events.h
patching file sapi/cgi/fpm/fpm_php.c
patching file sapi/cgi/fpm/fpm_php.h
patching file sapi/cgi/fpm/fpm_php_trace.c
patching file sapi/cgi/fpm/fpm_php_trace.h
patching file sapi/cgi/fpm/fpm_process_ctl.c
patching file sapi/cgi/fpm/fpm_process_ctl.h
patching file sapi/cgi/fpm/fpm_request.c
patching file sapi/cgi/fpm/fpm_request.h
patching file sapi/cgi/fpm/fpm_shm.c
patching file sapi/cgi/fpm/fpm_shm.h
patching file sapi/cgi/fpm/fpm_shm_slots.c
patching file sapi/cgi/fpm/fpm_shm_slots.h
patching file sapi/cgi/fpm/fpm_signals.c
patching file sapi/cgi/fpm/fpm_signals.h
patching file sapi/cgi/fpm/fpm_sockets.c
patching file sapi/cgi/fpm/fpm_sockets.h
patching file sapi/cgi/fpm/fpm_stdio.c
patching file sapi/cgi/fpm/fpm_stdio.h
patching file sapi/cgi/fpm/fpm_str.h
patching file sapi/cgi/fpm/fpm_trace.c
patching file sapi/cgi/fpm/fpm_trace.h
patching file sapi/cgi/fpm/fpm_trace_mach.c
patching file sapi/cgi/fpm/fpm_trace_pread.c
patching file sapi/cgi/fpm/fpm_trace_ptrace.c
patching file sapi/cgi/fpm/fpm_unix.c
patching file sapi/cgi/fpm/fpm_unix.h
patching file sapi/cgi/fpm/fpm_worker_pool.c
patching file sapi/cgi/fpm/fpm_worker_pool.h
patching file sapi/cgi/fpm/init.d/php-fpm.in
patching file sapi/cgi/fpm/xml_config.c
patching file sapi/cgi/fpm/xml_config.h
patching file sapi/cgi/fpm/zlog.c
patching file sapi/cgi/fpm/zlog.h


unzip laruence-laruence.github.com-43969a1.zip
cd php-5.2.17

patch -p1 < ../laruence-laruence.github.com-43969a1/php-5.2-max-input-vars/php-5.2.17-max-input-vars.patch

patching file configure
Hunk #1 succeeded at 2176 (offset 11 lines).
patching file configure.in
patching file main/main.c
patching file main/php_globals.h
patching file main/php_variables.c
patching file main/php_version.h

With the patches applied, recompile PHP:


./configure --prefix=/opt/php-5.2.17p1 --with-config-file-path=/opt/php-5.2.17p1/etc --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-xml --enable-zend-multibyte --disable-debug --disable-ipv6
make ZEND_EXTRA_LIBS='-liconv'
make install

cd ../memcache-3.0.5
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install

cd ../eaccelerator-0.9.6.1
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install

cd ../PDO_MYSQL-1.0.2
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config --with-pdo-mysql=/opt/mysql
make
make install

cd ../imagick-2.2.2/
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install

# On 32-bit, use the following
cp ../ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
# On 64-bit, use the following
cp ../ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/

mkdir -p /opt/php-5.2.17p1/eaccelerator_cache
chown www:website /opt/php-5.2.17p1/eaccelerator_cache/
chmod 770 /opt/php-5.2.17p1/eaccelerator_cache/

touch /opt/php-5.2.17p1/logs/php_error.log
chown www:website /opt/php-5.2.17p1/logs/php_error.log
chmod 770 /opt/php-5.2.17p1/logs/php_error.log

# Upgrade PEAR (optional)
/opt/php-5.2.17p1/bin/pear upgrade pear
/opt/php-5.2.17p1/bin/pear install Benchmark Cache_Lite DB HTTP Mail Mail_Mime Net_SMTP Net_Socket Pager XML_Parser XML_RPC

cp -p /opt/php/etc/php.ini /opt/php-5.2.17p1/etc/
cp -p /opt/php/etc/php-fpm.conf /opt/php-5.2.17p1/etc/
chown root:website /opt/php-5.2.17p1/etc/*
chmod 660 /opt/php-5.2.17p1/etc/*

/opt/php/sbin/php-fpm stop
# Remove the symlink and switch PHP versions
rm /opt/php
ln -s /opt/php-5.2.17p1/ /opt/php
/opt/php/sbin/php-fpm start

Check the paths in php-fpm.conf and php.ini.
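
A check to run before the `rm /opt/php` / `ln -s` cutover above, as an added example that is not part of the original post: it confirms that the source tree, the new binary and php.ini all carry the input-variable limit. It assumes the patch adds an ini directive named `max_input_vars` (the name used by PHP 5.3.9 and by the patch file); the function names and the ceiling of 1000 are hypothetical.

```shell
#!/bin/sh
# Added example: pre-cutover checks for the patched PHP 5.2.17 build.
# Assumption: the patch backports the ini directive "max_input_vars".

# 1. Source tree: files that patch(1) reported must now mention the directive.
tree_is_patched() {
    for f in main/main.c main/php_globals.h main/php_variables.c; do
        grep -q 'max_input_vars' "$1/$f" 2>/dev/null || {
            echo "not patched: $1/$f" >&2; return 1; }
    done
}

# 2. Built binary: "php -i" must list the directive, otherwise an
#    unpatched build is what would be put into service.
binary_has_directive() {
    "$1" -i 2>/dev/null | grep -q '^max_input_vars'
}

# 3. php.ini: print the active value (last uncommented assignment),
#    or nothing when the directive is absent or commented out.
ini_max_input_vars() {
    sed -n 's/^[[:space:]]*max_input_vars[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" | tail -n 1
}

# Combined gate: non-zero exit means do not repoint /opt/php yet.
# The ceiling (4th argument) is a site policy value, assumed to be 1000 here.
precutover_check() {
    src=$1; php=$2; ini=$3; ceiling=${4:-1000}
    tree_is_patched "$src" || return 1
    binary_has_directive "$php" || {
        echo "binary lacks max_input_vars: $php" >&2; return 1; }
    v=$(ini_max_input_vars "$ini")
    if [ -z "$v" ]; then
        echo "ok: $ini does not set max_input_vars, the build's default applies"
    elif [ "$v" -gt "$ceiling" ]; then
        echo "max_input_vars=$v exceeds $ceiling, the cap is too loose" >&2
        return 1
    else
        echo "ok: max_input_vars=$v"
    fi
}
```

Called as `precutover_check <php-5.2.17 source dir> /opt/php-5.2.17p1/bin/php /opt/php-5.2.17p1/etc/php.ini`. A php.ini copied from the 5.2.14 install will normally not contain the directive, so the "default applies" result is expected unless the setting is added by hand.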

libmysqlclient.so.16 cannot be found

./conftest: error while loading shared libraries: libmysqlclient.so.16

echo /opt/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig -v

eAccelerator reports an error

[eAccelerator] This build of "eAccelerator" was compiled for PHP version 5.2.14. Rebuild it for your PHP version (5.2.17p1) or download precompiled binaries.

Rebuild eAccelerator.

Reference:
http://www.laruence.com/2011/12/29/2412.html

Posted in PHP, Security, Security Advisories.
