php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58865 adServer() host with port results in DNS DOS
Submitted: 2009-09-22 21:29 UTC Modified: 2011-05-15 02:44 UTC
From: php at isnoop dot net Assigned: jluedke (profile)
Status: Closed Package: gearman (PECL)
PHP Version: 5.2.10 OS: Ubuntu 8.04 server
Private report: No CVE-ID: None
 [2009-09-22 21:29 UTC] php at isnoop dot net
Description:
------------
When calling addServer, an invalid hostname such as one with a port number attached will result in thousands of DNS requests each second in an unending loop.

Reproduce code:
---------------
/* create our object */
$gmclient= new GearmanClient();

/* add the default server */
$gmclient->addServer('localhost:1234');

Expected result:
----------------
Either the port number is parsed out and used or an error is returned due to invalid hostname syntax.

Actual result:
--------------
About 5,000 DNS requests per second:

$ tcpdump -n -i eth0 'port 53'
...
17:31:16.501044 IP 172.16.20.230.53 > 172.16.25.49.37430: 60340 NXDomain 0/0/0 (38)
17:31:16.501146 IP 172.16.25.49.47156 > 172.16.20.230.53: 60635+ A? localhost:234.dd.dev. (38)
17:31:16.501360 IP 172.16.20.230.53 > 172.16.25.49.47156: 60635 NXDomain 0/0/0 (38)
17:31:16.501462 IP 172.16.25.49.38943 > 172.16.20.230.53: 3839+ A? localhost:234.dd.dev. (38)
17:31:16.501685 IP 172.16.20.230.53 > 172.16.25.49.38943: 3839 NXDomain 0/0/0 (38)
17:31:16.501788 IP 172.16.25.49.41454 > 172.16.20.230.53: 52330+ A? localhost:234.dd.dev. (38)
17:31:16.502009 IP 172.16.20.230.53 > 172.16.25.49.41454: 52330 NXDomain 0/0/0 (38)
17:31:16.502111 IP 172.16.25.49.34741 > 172.16.20.230.53: 55568+ A? localhost:234.dd.dev. (38)
17:31:16.502339 IP 172.16.20.230.53 > 172.16.25.49.34741: 55568 NXDomain 0/0/0 (38)
17:31:16.502442 IP 172.16.25.49.35172 > 172.16.20.230.53: 56349+ A? localhost:234.dd.dev. (38)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-01 03:48 UTC] contact at jamesluedke dot com
This is a bug in libgearman. I am told a fix is on the way.

-jluedke
 [2011-05-15 02:44 UTC] hradtke@php.net
Closing this as it is not a bug with the pecl/gearman extension.
 [2011-07-05 05:29 UTC] polska at gunnebo dot com
Great stuff, you hlpeed me out so much!
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Jan 20 09:01:23 2020 UTC