php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69243 Giving row break to get() makes php process eat 100% CPU until timeout.
Submitted: 2015-03-16 07:26 UTC Modified: 2020-08-11 14:31 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: henrik dot persson at gmail dot com Assigned: cmb (profile)
Status: Closed Package: memcached (PECL)
PHP Version: 5.5.22 OS: Linux - Debian Wheezy
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: henrik dot persson at gmail dot com
New email:
PHP Version: OS:

 

 [2015-03-16 07:26 UTC] henrik dot persson at gmail dot com 
Description:
------------
If supplying a row break \n in a key name for get()/getMulti() you will make the PHP thread use 100% CPU until the script times out.

Test script:
---------------
<?php
$memcached = new Memcached();
$memcached->addServer('192.168.0.1', 11211);
$memcached->get('finelookingKey'."\n");
?>

OR

<?php
$memcached = new Memcached();
$memcached->addServer('192.168.0.1', 11211);

$memcached_keys = array(
	'finelookingKey'."\n"
);
$memcached->getMulti($memcached_keys);
?>

Expected result:
----------------
Fatal error: Maximum execution time of 30 seconds exceeded in Unknown on line 0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-16 18:12 UTC] samantha at tembies dot com 
According to the memcached protocol spec (https://github.com/memcached/memcached/blob/master/doc/protocol.txt#L41), valid keys are strings not containing whitespace or control characters.

On a quick scan through the extension source, it looks like in php_memcached.c:576 (and other places) there is some key validation that checks specifically that the keys are longer than 0 bytes and do not contain literal spaces. This could be extended to match the memcached protocol spec. Quickly adding a strchr(key, '\n') causes the userspace functions to behave predictably (returning false, and Memcached::getResultCode returns MEMCACHED_BAD_KEY_PROVIDED).
 [2015-03-16 19:02 UTC] samantha at tembies dot com 
Diff of a quick and dirty change illustrating my earlier comment: https://gist.github.com/squinones/9b0c77c4685a5279187d
 [2015-03-17 17:04 UTC] samantha at tembies dot com 
PR containing sample code is open on the memcached repository. It should probably be dealt with there. 

https://github.com/php-memcached-dev/php-memcached/pull/167
 [2020-08-11 14:31 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-08-11 14:31 UTC] cmb@php.net 
That PR has been merged, and the issue is supposed to be fixed as
of memcached 3.0.0.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 00:01:30 2024 UTC