Segmentation faults in Apache
If you are running SimpleSAMLphp 1.14.0 or older, and versions of PHP older than 5.6, you might see errors like this in your error_log:
[core:notice] [pid 1234] AH00051: child pid 12345 exit signal Segmentation fault (11), possible coredump in /etc/apache2
If you are really unlucky, you might even get a blank page in your browser or a message from it saying it cannot connect to the server (if you are also using HTTPS).
If you have experienced any of these, you might have hit a bug in PHP as reported in issue #293.
A few bugs were introduced in PHP when the header_register_callback function was implemented. They have been fixed over the years, with the fixes released across different versions of PHP.
At the same time, there was a race condition in SimpleSAMLphp that could lead to error messages about missing state. In order to fix that issue, we started using header_register_callback to make sure any change to the session was properly saved before sending any output to the browser, eliminating the race condition.
The problem is that using header_register_callback makes you vulnerable to those bugs in PHP, so if you are not using a version where all of them have been fixed, you could experience the aforementioned segmentation faults.
You have two alternatives to fix this issue, each with its pros and cons:
- Update PHP to 5.6 or newer. Pro: you will get rid of both the segmentation faults and the missing state errors. Con: it can be hard in many systems to update to 5.6, as that version might not yet be available in the stable branch of your operating system.
- Disable the header_register_callback function in your php.ini. In order to do that, go to the php.ini file in use by your web server, and locate the disable_functions directive. Append header_register_callback to it (bear in mind that the functions must be comma-separated). Pro: it is way easier than updating PHP, and you can always do this. Con: the missing state errors will eventually be back.