php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61068 Regexp crashes http server
Submitted: 2012-02-13 08:53 UTC Modified: 2012-02-22 09:49 UTC
From: bald at epf dot pl Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.3.10 OS: Windows 7
Private report: No CVE-ID: None
View Developer Edit
 [2012-02-13 08:53 UTC] bald at epf dot pl 
Description:
------------
Regular expression crashes http server. It's all because character < at the beginning of te string.

Test script:
---------------
<?php

$string = '< PASS_COUNT; i++) { if (strcmp(password, PASSWD2) == 0) continue;	 } c++; if (c == 3) break; }	 // Tu wlasciwe sprawdzanie hasla }dku gdy liczy sie wydajnosc, gdyz petle zabieraja niestety troche czasu :( ale jest to niewiele i w sumie to nie czuc roznicy. Kolejna sprawa jest sposob porownywania hasla. NIGDY nie dokonuj deszyfracji klucza w programie (mam nadzieje ze chociaz szyfrujesz klucze :)). Jest to pierwsza i najwazniejsza zasada ! Wiec jak sprawdzic czy wprowadzony klucz jest poprawny. Zaszyfruj go i porownaj zaszyfrowane klucze. Ktos kto sledzi Twoj program ma wtedy utrudnione zadanie, a gdy poprawny klucz jest deszyfrowany to ktos sobie przejdzie do momentu az klucz bedzie zdeszyforwany i tylko go spisze. Od metody szyfracji zalezy bezpieczenstwo Twojego programu wiec staraj sie dobierac algorytm, ktory dobrze szyfruje (nie mowie tu o Triple-DES itp. ;) ). Marzeniem bylby algorytm jednostronny, ktorego odszyfrowania jest trudniejsze niz brute-force ale na to nie licz. Najlepiej ';
preg_match('~(</?)(\w*)((/(?!>)|[^/>])*)(/?>)~', $string, $matches);

?>

Expected result:
----------------
Blank page.

Actual result:
--------------
Apache fails.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-13 09:01 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-02-13 09:01 UTC] rasmus@php.net 
I was unable to reproduce any sort of Apache crash with this code on Linux. Are 
you really on XP? What does it say in your Apache logs?
 [2012-02-13 10:43 UTC] bald at epf dot pl 
Sorry, it's Windows 7. Apache logs does not really say anything. This regular expression just kills my httpd.exe proccess. Works fine without character < at the begining of the $string variable.
 [2012-02-13 10:43 UTC] bald at epf dot pl
-Status: Feedback +Status: Open -Operating System: Windows XP +Operating System: Windows 7
 [2012-02-13 11:37 UTC] bald at epf dot pl 
Apache version: 2.2.22
I downloaded thread safe version of PHP. 

Works fine when I use command line:

php test.php
 [2012-02-15 00:57 UTC] aharvey@php.net
-Status: Open +Status: Feedback -Package: *Regular Expressions +Package: PCRE related
 [2012-02-15 00:57 UTC] aharvey@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Works for me, too. I don't think we can really progress this without a backtrace.
 [2012-02-22 07:37 UTC] pajoye@php.net 
It is not something PHP is responsible for. The stacksize of Apache is too 
small, it works in PHP's cli because PHP builds have a larger default stacksize.

You can increase it using this config option:

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#ThreadStackSize

or change the default stacksize of the Apache binaries:

http://msdn.microsoft.com/en-us/library/xd3shwhf.aspx
 [2012-02-22 07:37 UTC] pajoye@php.net
-Status: Feedback +Status: Not a bug
 [2012-02-22 08:29 UTC] JBlond at gmail dot com 
It would be cool to know which ThreadStackSize in the httpd.conf is "enough" to run your code.
 [2012-02-22 09:16 UTC] pajoye@php.net 
@jbond

simply increase the apache binaries default stack to 8MB (process) using editbin 
and it should work for most php users.
 [2012-02-22 09:49 UTC] bald at epf dot pl 
Setting ThreadStackSize to 295536 works for me (Windows 7). Thanks. 

P.S. This regular expression (~(</?)(\w*)((/(?!>)|[^/>])*)(/?>)~) comes from Zend 
Framework (HTML filter class), so that may cause problems on application based on 
Zend Framework.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Nov 24 23:01:32 2024 UTC