php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #40273 System slow down in php 5.2.0
Submitted: 2007-01-29 13:29 UTC Modified: 2007-01-29 14:18 UTC
From: Jenei dot Viktor dot Attila at stud dot u-szeged dot hu Assigned:
Status: Not a bug Package: Performance problem
PHP Version: 5.2.0 OS: Win32, Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Jenei dot Viktor dot Attila at stud dot u-szeged dot hu
New email:
PHP Version: OS:

 

 [2007-01-29 13:29 UTC] Jenei dot Viktor dot Attila at stud dot u-szeged dot hu 
Description:
------------
In the bcmatch module can found a function called bcpow. If you called
this with a big exponent, the compute will take a long. If you load this
script many times, the system will hang up. The set_time_limit value don't
help, because it is not an interpreted code.
This code only usefull, if the attacker want to reboot/halt the server by
the administrator.

Reproduce code:
---------------
denial_of_service.php:
<?php
echo bcpow(9,9999999);
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-29 13:36 UTC] tony2001@php.net 
bcmath extension uses libbcmath, which actually does those math operations and we apparently cannot fix or improve this third-party library.
There were no changes in ext/bcmath for years, so I doubt that it's appeared in 5.2.0.
Not PHP problem.
 [2007-01-29 14:18 UTC] Jenei dot Viktor dot Attila at stud dot u-szeged dot hu 
But no time limit when you use third party library? (php interpreter don't count the time?)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 10:01:28 2024 UTC