php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #66946 fileinfo: extensive backtracking in awk rule regular expression
Submitted: 2014-03-24 07:55 UTC Modified: 2014-04-03 09:26 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.4.26 OS: irrevelant
Private report: No CVE-ID: 2013-7345
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2014-03-24 07:55 UTC] remi@php.net 
Description:
------------
CVE-2013-7345 file: denial of service (CPU consumption) when processing certain files:

Upstream bug: http://bugs.gw.com/view.php?id=164
Upstream fix: https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c


5.6 is not affected (magic 5.17)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-03-24 07:56 UTC] remi@php.net
-CVE-ID: +CVE-ID: 2013-7345
 [2014-03-24 08:47 UTC] remi@php.net 
Test script:
  <?php
  $fd = __DIR__.'/data';
  $a = str_repeat("\n", 1000000);
  file_put_contents($fd, $a);
  $fi = finfo_open(FILEINFO_NONE);
  var_dump(finfo_file($fi, $fd));
  finfo_close($fi);

Without the patch
  $ time php -n -d extension=fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m18.636s

With the patch applied
  $ time php -n -d extension=modules/fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m0.470s
 [2014-03-24 09:15 UTC] remi@php.net 
Compressed patch:
http://remi.fedorapeople.org/data-file.patch.xz
 [2014-03-25 09:58 UTC] remi@php.net
-Summary: denial of service (CPU consumption) when processing certain files +Summary: fileinfo: extensive backtracking in awk rule regular expression -Assigned To: +Assigned To: remi
 [2014-03-25 10:16 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-03-25 10:16 UTC] remi@php.net 
Fixed in 5.4 and 5.5

http://git.php.net/?p=php-src.git;a=commitdiff;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92

http://git.php.net/?p=php-src.git;a=commitdiff;h=4374a52e9d13c480b4620c80a48591c6f883664b
 [2014-04-10 04:47 UTC] tyrael@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-04-10 04:47 UTC] tyrael@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net 
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 20:01:29 2024 UTC