ALERT - canary mismatch (21 posts)

  1. SteveAtty
    Member
    Posted 15 years ago #

    Hmm

    Anyone seen anything like this before? I have Suhosin installed which I believe has trapped something

    This is in my apache error log:

    ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.168.0.1', file '/webstuff/canalblogs/wp-cron.php')

    I've checked my error log and this has only happened twice today so might just be a glitch but...

  2. tdjcbe
    Member
    Posted 15 years ago #

    Looks like it's been much discussed. Looks like, when it happens with wp, it's with kses though.

  3. andrea_r
    Moderator
    Posted 15 years ago #

    Doesn't that mean the air is bad and we should all get out of the mine before we suffocate? ;P

  4. SteveAtty
    Member
    Posted 15 years ago #

    Well it looks like it does Andrea as everything started going wrong and the site stopped working so I had to restart apache. But I had been doing some rather odd stuff earlier today which might have messed up the memory.

    Server has been up for over 71 days so far

  5. tdjcbe
    Member
    Posted 15 years ago #

    Oh sure. Leave all that out from your first post and I spend five minutes looking for an answer for you. :(

  6. SteveAtty
    Member
    Posted 15 years ago #

    It only started going wrong after the wp-cron issues. It's been running fine since I screwed some code up earlier today.

  7. josswinn
    Member
    Posted 15 years ago #

    I've seen this before and got it again today on WPMU 2.7.1:

    ALERT - canary mismatch on efree() - heap overflow detected (attacker '194.xx.xx.xx', file '/var/www/html/example.org/public/index.php')

    I'm not doing anything odd with the site though. Can't think why it would be kses related with me.

    Results in a server error/blank page for the user, depending on the browser.

    I've come across the suggestion that:

    zend.ze1_compatibility_mode Off

    will resolve the issue, but not for me as that's my default anyway.

    It looks like it's a PHP bug (Ubuntu Hardy/PHP V 5.2.4).
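An added example, not part of any post in this thread: a small triage script for the alert lines quoted above, grouping them by script and by the client address Suhosin records in the `attacker` field, so that alerts clustering on one script across many clients can be told apart from alerts tied to a single source. The sample log lines are constructed, and the optional `, line N` suffix is an assumed format.

```python
import re
from collections import Counter, defaultdict

# Matches the alert text as quoted in this thread. The ", line N" suffix is
# an assumed format and is optional, since the quoted lines do not carry it.
ALERT_RE = re.compile(
    r"ALERT - canary mismatch on (?P<func>\w+)\(\) - heap overflow detected "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'"
    r"(?:, line (?P<line>\d+))?\)"
)

def parse_alerts(lines):
    """Return one dict per canary-mismatch alert found in the log lines."""
    alerts = []
    for raw in lines:
        m = ALERT_RE.search(raw)
        if m:
            alert = m.groupdict()
            alert["line"] = int(alert["line"]) if alert["line"] else None
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Count alerts per script and the distinct client addresses per script."""
    per_file = Counter(a["file"] for a in alerts)
    clients = defaultdict(set)
    for a in alerts:
        clients[a["file"]].add(a["attacker"])
    return {f: {"alerts": n, "distinct_clients": len(clients[f])}
            for f, n in per_file.most_common()}

# Constructed sample log lines (timestamps, addresses and paths are made up).
SAMPLE_LOG = """\
[Mon Mar 02 14:01:22 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/srv/www/blog/wp-cron.php')
[Mon Mar 02 14:01:25 2009] [error] File does not exist: /srv/www/blog/favicon.ico
[Mon Mar 02 15:40:03 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '198.51.100.7', file '/srv/www/blog/wp-cron.php', line 41)
[Mon Mar 02 16:12:48 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/srv/www/blog/index.php')
""".splitlines()

if __name__ == "__main__":
    for path, stats in summarize(parse_alerts(SAMPLE_LOG)).items():
        print(path, stats)
```
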

  8. SteveAtty
    Member
    Posted 15 years ago #

    I think it's a Suhosin patch bug and for some reason Debian decided to include the patch by default in all their PHP/Apache PHP builds and it's even in the code base. Research suggests that the only way to fix it is to rebuild php without the patch in it which involves quite a bit of work. But I might do that if it gets too bad.

  9. tdjcbe
    Member
    Posted 15 years ago #

    heh FreeBSD.... FreeBSD.... You know you want to. :)

    Our mascot is way cooler too. ;)

  10. GwynethLlewelyn
    Member
    Posted 15 years ago #

    Hmpf, I *am* running FreeBSD (with PHP 5.2.6 with Suhosin-Patch 0.9.6.2) and I get the same error. Pfft. So, no, tdjcbe, don't blame it on Linux ;)

  11. SteveAtty
    Member
    Posted 15 years ago #

    It's the Suhosin Patch, but why it suddenly happens I don't know, it could be a bug somewhere in PHP's garbage collection that WPMU is hitting or it's just one of those things. Google searches indicate that it's happening to quite a few people and it's been logged as a PHP bug

    http://bugs.php.net/bug.php?id=44872

  12. GwynethLlewelyn
    Member
    Posted 15 years ago #

    ... zend.ze1_compatibility_mode Off worked for me though (FreeBSD 6.3)

  13. SteveAtty
    Member
    Posted 15 years ago #

    That's already turned off in mine :-(

    Still it's not blown up again yet so fingers crossed it was something else I was doing that had just mushed up the heap so much that php blew up.

  14. SteveAtty
    Member
    Posted 15 years ago #

    OK I've found something odd.

    If I recompile php without the suhosin patch then I get segfaults with eaccelerator turned on.

    If I turn off eaccelerator then it works fine. It's actually been raised as an eaccelerator bug.

    And I've found the following in a google discussion:

    Suhosin reports heap overflow on PHP lines with list(,$temp)
    construction (empty variables).
    
    After running for a few hours, my webserver starts returning 500
    errors on specific PHP scripts and I have those entries in the
    /var/log/messages:
    
    ALERT - canary mismatch on efree() - heap overflow detected (...)
    
    It also shows me the script name and the line number. Each of the
    scripts involved has list(,$temp) constructions on those lines, so I
    assume, there might be some kind of a leak in PHP, Eaccelerator or
    Suhosin. Anyways, I'm posting this bug to all 3 buglists, just in
    case.
    
    Code:
    
    list(, $pg, $t, ) = pagebar(100, 12, "", $page);
    
    The only thing that helps is running eaccelerator_clear() function
    every hour.

    So I wonder if WPMU has got some of these sort of constructs in it.

  15. SteveAtty
    Member
    Posted 15 years ago #

    I have been told that the answer is :

    echo "suhosin.simulation = on" >> /etc/php5/conf.d/suhosin.ini

    which means it simply logs and never terminates.

  16. johndeery
    Member
    Posted 15 years ago #

    Running into this problem also. I can no longer upload files via either the Flash uploader (pops this error) or the regular uploader (no error in logs, just fails on page).

    All of the googling that I did points to developers saying that suhosin is acting correctly and it's the scripts that need to be fixed. Setting the simulation to "on" also doesn't seem to do anything.

  17. SteveAtty
    Member
    Posted 15 years ago #

    I've created a suhosin.ini file and I've not had the problem since. But I've recompiled eaccelerator and I deleted all the cache files, some of which seem to be getting left behind.

    Are you on a 32 or 64 bit system?

  18. cinemaminima
    Member
    Posted 15 years ago #

    I have been having this problem since I upgraded to WordPress 2.8 and then to 2.9.1

    > I've seen this before and got it again today on WPMU 2.7.1:
    >
    > ALERT - canary mismatch on efree() - heap overflow detected (attacker '194.xx.xx.xx', file '/var/www/html/example.org/public/index.php')
    >
    > I'm not doing anything odd with the site though. Can't think why it would be kses related with me.
    >
    > Results in a server error/blank page for the user, depending on the browser.

    Running Ubuntu Hardy with eAccelerator and Suhosin.

    Help! please.

  19. SteveAtty
    Member
    Posted 15 years ago #

    I tried the Beta version of the next release of eAccelerator but it caused so many problems that I gave up on it and am no longer running eAccelerator.

    You could try the config file option which I mentioned further up the thread

  20. SteveAtty
    Member
    Posted 15 years ago #

    I just tried Release 0.9.6-rc2 and it blew up within 15 minutes.

    There was a ticket open in the trac ( http://eaccelerator.net/ticket/299 ) but it's been closed because the developer can't reproduce it.

    I really wish that the upstream hadn't forced the suhosin patch on us.

    The only option at the moment is to disable eaccelerator.

  21. horrorshow
    Member
    Posted 14 years ago #

    I am having the same problem on my wordpress mu 2.8.5.2 site.
    My system is Ubuntu 8.04 LTS 64bit, and I am getting the:
    canary mismatch on efree() - heap overflow detected (attacker ..

    In php.ini, following are already set:
    zend.ze1_compatibility_mode = Off
    mssql.datetimeconvert = Off

    As per above suggestion, in /etc/php5/conf.d/suhosin.ini, this is set as well:
    suhosin.simulation = on

    Any updates to this issue? Users are getting a blank page after some time. When the apache server is reloaded, the site runs normally until the same problem occurs again eventually. Does building php without suhosin fix this issue?

About this Topic

  • Started 15 years ago by SteveAtty
  • Latest reply from horrorshow