LSWS/IE odd issue!

[IrPr]

Hi

I didnt see any odd bug with LSWS like this before! in a vBulletin forum when i try to edit some large posts, edit form returns 503 Service Unavailable error in Internet Explorer, but no any error with another browsers!

I tried same exact time/user/cookie and it seems not jumpy to me, all of IE requests returned 503 and all FF/Opera/etc requests are OK

Indeed not all posts but large posts edit using ajax/non-ajax in IE return 503, however the same posts could be edited in FF without any error at the same time using same cookie

This is LS error logs for this:

[1.1.1.1:62878-0#APVH_w00t.com] connection to [uds://tmp/lshttpd/lsphp5.sock] on request #798, Connection reset by peer!
[1.1.1.1:62878-0#APVH_w00t.com] connection to [uds://tmp/lshttpd/lsphp5.sock] on request #0, Connection reset by peer!
[1.1.1.1:62878-0#APVH_w00t.com] connection to [uds://tmp/lshttpd/lsphp5.sock] on request #190, Connection reset by peer!
[1.1.1.1:62878-0#APVH_w00t.com] oops! 503 Service Unavailable
[1.1.1.1:62878-0#APVH_w00t.com] Content len: 0, Request line:
GET /forum/editpost.php?do=editpost&postid=173753&x=z HTTP/1.1

this is IE request headers:

GET /forum/editpost.php?do=editpost&postid=173753 HTTP/1.1
Host:              www.w00t.com
User-Agent:        Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Cookie:            bbsessionhash=x; bblastvisit=1237675986; bblastactivity=0; bbuserid=x; bbpassword=x;

response headers:

HTTP/1.1 503 Service Unavailable
Date: Sun, 22 Mar 2009 03:21:16 GMT
Server: LiteSpeed
Connection: close
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 400

The interesting thing is that when i played with UA and changed MSIE 7.0 to MSIE 2.0 or 3.0 or what ever it didnt return 503 but for MSIE 6.0 or MSIE 7.0 it returns 503

Well, there is no any mod_security rule in my httpd.conf or any rewrite rule in httpd.conf or htaccess, i tested 4.0 and 3.2.24 too both have this bug

It seems to me that some requests with MSIE 6/7 as UA had been blocked by LSWS globally and hope be fixed ASAP

Thanks

 

[mistwang]

PHP crashed when processing a request from IE.
Have you upgrade PHP or upgrade vBulletin recently?

Since you do not have this problem before, it must be the changes you have made recently, especially or PHP.

You can try strace lsphp5 process or use gdb to attach to lsphp5 process to find out what crashed PHP.

 

[IrPr]

PHP crashed when processing a request from IE.
Have you upgrade PHP or upgrade vBulletin recently?

Since you do not have this problem before, it must be the changes you have made recently, especially or PHP.

You can try strace lsphp5 process or use gdb to attach to lsphp5 process to find out what crashed PHP.

I just upgraded to 4.0 yesterday and im running php 5.2.8 + xcache
as my customer reported it to me today im not sure when it occoured first time

But if there is a bug with PHP why it occoures only in IE 6/7? why not another UA?

Ok, i will try coredumps

thanks

 

[IrPr]

Ok, i tried strace and find out the problem and just want to note that as George said its a PHP issue in PCRE library not LSWS

in class_bbcode there is a function for nl2br but for IE it needs a bit more replaces to be displayed as it should be

this is the code which causes Segmentation fault:

		if ($this->is_wysiwyg('ie'))
		{
			// this fixes an issue caused by odd nesting of tags. This causes IE's
			// WYSIWYG editor to display the output as vB will display it
			$rematch_find = array(
				'#\[((color)=.*)\](.*)\[/\\2\]#siUe',
				'#\[((font)=.*)\](.*)\[/\\2\]#siUe',
				'#\[((size)=.*)\](.*)\[/\\2\]#siUe',
			);
			$text = preg_replace($rematch_find, "\$this->bbcode_rematch_tags_wysiwyg('\\3', '\\2', '\\1')", $text);

			$rematch_find = array(
				'#\[(b)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
				'#\[(i)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
				'#\[(u)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
				'#\[(left)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
				'#\[(center)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
				'#\[(right)\](((?>[^[]+?)|(?R)|\[)*)\[/\\1\]#siUe',
			);
			$text = preg_replace($rematch_find, "\$this->bbcode_rematch_tags_wysiwyg('\\2', '\\1')", $text);

			$text = '<p>' . preg_replace('#(\r\n|\n|\r)#', "</p>\n<p>", ltrim($text)) . '</p>';

			if (strpos('[/list', strtolower($text))) // workaround bug #22749
			{
				$text = preg_replace('#(\[list(=(&quot;|"|\'|)(.*)\\3)?\])(((?>[^\[]*?|(?R))|(?>.))*)(\[/list(=\\3\\4\\3)?\])#siUe', "\$this->remove_wysiwyg_breaks('\\0')", $text);
			}
			$text = preg_replace('#<p>\s*</p>(?!\s*\[list|$)#i', '<p>&nbsp;</p>', $text);

			$text = str_replace('<p></p>', '', $text);
		}

I think there are limitations for pcre recursion and it couldnt deal with kernel stacks for preg_replace in this case

i tried to increase kernel stack size using ulimit but didnt help
when i decrease pcre.recursion_limit value very low it doesnt return 503 anymore but shows the editor without any text parsed in it

any suggestions would be appreciate

PS: as mentioned in previous post this just occoures for large posts, for example a post which contains more than 60k characters