[wp-hackers] canary mismatch on efree() - heap overflow detected
Knut-Olav Hoven
hovenko at linpro.no
Fri Aug 3 08:42:06 GMT 2007
On Thursday 02 August 2007 20:26:25 Alex Günsche wrote:
> On Thu, 2007-08-02 at 17:06 +0200, Knut-Olav Hoven wrote:
> > I get the following in my Apache error log.
> >
> > Aug 2 16:28:20 beta suhosin[49368]: ALERT - canary mismatch on efree() -
> > heap overflow detected (attacker '127.0.0.1',
> > file '/some/dir/wordpress/wp-includes/kses.php', line 518)
>
> As far as I know, you can/must tweak Suhoshin to only trigger on
> relevant errors. By default, it has very many false positives. There
> should be a config file where you can disable the error triggering for
> this specific issue.
I use only the Suhosin patch... According to this page
(http://www.hardened-php.net/suhosin/configuration.html) the patch will only
log the events...
Maybe PHP just crashes then, not because of Suhosin, but because of something
else...
I got a tip to modify the kses.php file to make xcache generate new opcodes
for it, but that did not solve the problem either.
It is the call to function "wp_kses" that triggers the error. Don't know what
inside that function that makes it fail.
>
>
> Alex
--
Knut-Olav Hoven
Systemutvikler mob: +47 986 71 700
Linpro AS http://www.linpro.no/
More information about the wp-hackers
mailing list