[Advisory] Old PHP client very buggy...

Sean Chittenden sean at chittenden.org
Fri Dec 17 10:48:55 PST 2004 

I know it's late for a Halloween story, but save it so you can pull it 
out next year during October and scare some php kiddies.  Running 
across this bug was spooky and hard to diagnose.

I'd like to advise all users of the native PHP client distributed by 
Danga to use the client posted by Timo Ewalds (plus the patch from Ian 
Kallen).  The URL for the original PHP client  in question is:

http://www.danga.com/memcached/dist/php-memcached-1.0.10.tar.gz

I'm pretty sure they didn't write it, but since it's distributed by 
danga.com, many folks get the wrong impression that it's the 
authoritative or recommended client to use.  The URL for the updated 
client and its patch is:

http://lists.danga.com/pipermail/memcached/2004-December/001004.html
http://lists.danga.com/pipermail/memcached/2004-December/001008.html

The original PHP client is subject to an effective DoS wherein its 
parsing of data from the memcached server was buggy and would cause the 
client to hang forever.  Timo's updated client doesn't suffer from this 
grave problem.

Many users may not be bitten by this, but, if all of a sudden pages 
start hanging, or there's a slow creeping growth of apache processes, 
the likely culprit is this memcached client.  Other symptoms include 
maxing out database connections or other resources that apache may use, 
but never release because the request never reaches the cleanup state.

This particular bug is hard to track if someone attaches ktrace(1) or 
gdb(1) to the idle apache process, which is just that: completely idle.

I consider this to be a bug on PHP's socket implementation as well, not 
just a bug in the original php memcached client.  Apache's client 
timeout is ignored when doing PHP's socket IO, which is rather bogus.  
The client timeout in apache should be read by php and applied to all 
socket IO when socket IO is performed via apache/mod_php, which would 
prevent an infinite growth of apache processes and resource consumption 
(database or otherwise).  Having PHP do this for non-mod_php requests, 
however, would be undesirable.

I haven't spent the time to look at why this is, only to suggest that 
someone may want to either sit down and figure out where the problem is 
with the above PHP client mentioned above or upgrade to Timo's version. 
  The only notable difference between the clients insofar as I have 
noticed is the class name needs to be changed.

FWIW, I likely won't be spending much more time with the native PHP 
client and will probably be adding libmemcache(3) support to the PEAR 
version which would give the PEAR version multi-server support.  
Anyway, have a nice day.  -sc

-- 
Sean Chittenden

More information about the memcached mailing list