[php-maint] Bug#727143: libapache2-mod-php5: max_execution_time + SSL causes data transfer corruption

Michael Lass lass at mail.upb.de
Tue Oct 22 16:02:04 UTC 2013 

Package: libapache2-mod-php5
Version: 5.3.3-7+squeeze17
Severity: important

When using libapache2-mod-php5 and max_execution_time long lasting data transfers
via SSL/TLS get corrupted.

Steps to reproduce:

1. Install apache2 and libapache2-mod-php5
2. a2enmod ssl
3. insert "php_admin_value max_execution_time 30" into default-ssl.conf
4. a2ensite default-ssl
5. create a large file (at least 2GB) in /var/www
6. try to download this file using
   wget https://localhost/test -O /dev/null --no-check-certificate

Result:

The transfer aborts after some time because of one of the following reasons:
 - partial content
 - wrong TLS packet size
 - connection closed

For us it happens mostly after having downloaded between 1.4 and 2.0 GB.

In the apache error.log you can see the following message:
[notice] child pid 3658 exit signal Profiling timer expired (27)

The value of max_execution_time does not matter. Setting it to 5 and 5000
results in the same behavior. The problem also does not occur after a specific
time or a specific data amount.

We noticed this behavior at the end of september so it may be caused by one
of the latest updates.


-- System Information:
Debian Release: 6.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF8, LC_CTYPE=de_DE.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-php5 depends on:
ii  apache2-mpm-prefor 2.2.16-6+squeeze11    Apache HTTP Server - traditional n
ii  apache2.2-common   2.2.16-6+squeeze11    Apache HTTP Server common files
ii  libbz2-1.0         1.0.5-6+squeeze1      high-quality block-sorting file co
ii  libc6              2.11.3-4              Embedded GNU C Library: Shared lib
ii  libcomerr2         1.41.12-4stable1      common error description library
ii  libdb4.8           4.8.30-2              Berkeley v4.8 Database Libraries [
ii  libgssapi-krb5-2   1.8.3+dfsg-4squeeze7  MIT Kerberos runtime libraries - k
ii  libk5crypto3       1.8.3+dfsg-4squeeze7  MIT Kerberos runtime libraries - C
ii  libkrb5-3          1.8.3+dfsg-4squeeze7  MIT Kerberos runtime libraries
ii  libmagic1          5.04-5+squeeze2       File type determination library us
ii  libonig2           5.9.1-1               Oniguruma regular expressions libr
ii  libpcre3           8.02-1.1              Perl 5 Compatible Regular Expressi
ii  libqdbm14          1.8.77-4              QDBM Database Libraries [runtime]
ii  libssl0.9.8        0.9.8o-4squeeze14     SSL shared libraries
ii  libxml2            2.7.8.dfsg-2+squeeze8 GNOME XML library
ii  mime-support       3.48-1                MIME files 'mime.types' & 'mailcap
ii  php5-common        5.3.3-7+squeeze17     Common files for packages built fr
ii  tzdata             2013d-0squeeze1       time zone and daylight-saving time
ii  ucf                3.0025+nmu1           Update Configuration File: preserv
ii  zlib1g             1:1.2.3.4.dfsg-3      compression library - runtime

Versions of packages libapache2-mod-php5 recommends:
ii  php5-cli               5.3.3-7+squeeze17 command-line interpreter for the p

Versions of packages libapache2-mod-php5 suggests:
pn  php-pear                      <none>     (no description available)

-- no debconf information

More information about the pkg-php-maint mailing list