php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40273 System slow down in php 5.2.0
Submitted: 2007-01-29 13:29 UTC Modified: 2007-01-29 14:18 UTC
From: Jenei dot Viktor dot Attila at stud dot u-szeged dot hu Assigned:
Status: Not a bug Package: Performance problem
PHP Version: 5.2.0 OS: Win32, Linux
Private report: No CVE-ID: None
 [2007-01-29 13:29 UTC] Jenei dot Viktor dot Attila at stud dot u-szeged dot hu
Description:
------------
In the bcmatch module can found a function called bcpow. If you called
this with a big exponent, the compute will take a long. If you load this
script many times, the system will hang up. The set_time_limit value don't
help, because it is not an interpreted code.
This code only usefull, if the attacker want to reboot/halt the server by
the administrator.

Reproduce code:
---------------
denial_of_service.php:
<?php
echo bcpow(9,9999999);
?>



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-29 13:36 UTC] tony2001@php.net
bcmath extension uses libbcmath, which actually does those math operations and we apparently cannot fix or improve this third-party library.
There were no changes in ext/bcmath for years, so I doubt that it's appeared in 5.2.0.
Not PHP problem.
 [2007-01-29 14:18 UTC] Jenei dot Viktor dot Attila at stud dot u-szeged dot hu
But no time limit when you use third party library? (php interpreter don't count the time?)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 19:01:30 2024 UTC