Installation problem with PHP5.2.5 with Suhosin Patch (3 posts)

  1. stanpinte
    Posted 4 years ago #


    After installing wordpress files version 3.1.3, we see the following error in the logs (the browser returns a 505 error):

    [Wed Jun 22 15:44:55 2011] [error] [client x.x.x.x] ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file '/home/www/ertmstest/wp-includes/user.php', line 1079), referer: http://x.y.be/wp-login.php?redirect_to=http%3A%2F%2Fx.y.be%2Fwp-admin%2F&reauth=1

  2. stanpinte
    Posted 4 years ago #

    My question are:

    1/ is this problem going to be fixed in upcoming releases of WordPress?

    I have digged the forums, but saw no definitive answer to this problem

    2/ in the meanwhile, without disabling Suhosin for my installation (like described here: http://myeasylinux.wordpress.com/2010/10/25/disable-suhosin/), is there anything we can do?

    Thanks in advance for your help!

  3. GRAQ
    Posted 4 years ago #

    I have installed PHP 5.3.* with Suhosin and run WordPress on it successfully. That was on a VPS I was playing around with some months ago. I can't remember any details though, as I didn't use that configuration for any of our production servers. But it gives you hearsay hope that PHP+Suhosin+WP works.

    Aside from trying a later version of PHP (than 5.2.5), you may get away with disabling ini_set() in php ini (I think that's one of the issues).

    Try this in an appropriate php.ini file:
    disable_functions = "ini_set"

Topic Closed

This topic has been closed to new replies.

About this Topic