php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #66946 fileinfo: extensive backtracking in awk rule regular expression
Submitted: 2014-03-24 07:55 UTC Modified: 2014-04-03 09:26 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.4.26 OS: irrevelant
Private report: No CVE-ID: 2013-7345
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: remi@php.net
New email:
PHP Version: OS:

 

 [2014-03-24 07:55 UTC] remi@php.net
Description:
------------
CVE-2013-7345 file: denial of service (CPU consumption) when processing certain files:

Upstream bug: http://bugs.gw.com/view.php?id=164
Upstream fix: https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c


5.6 is not affected (magic 5.17)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-03-24 07:56 UTC] remi@php.net
-CVE-ID: +CVE-ID: 2013-7345
 [2014-03-24 08:47 UTC] remi@php.net
Test script:
  <?php
  $fd = __DIR__.'/data';
  $a = str_repeat("\n", 1000000);
  file_put_contents($fd, $a);
  $fi = finfo_open(FILEINFO_NONE);
  var_dump(finfo_file($fi, $fd));
  finfo_close($fi);

Without the patch
  $ time php -n -d extension=fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m18.636s

With the patch applied
  $ time php -n -d extension=modules/fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m0.470s
 [2014-03-24 09:15 UTC] remi@php.net
Compressed patch:
http://remi.fedorapeople.org/data-file.patch.xz
 [2014-03-25 09:58 UTC] remi@php.net
-Summary: denial of service (CPU consumption) when processing certain files +Summary: fileinfo: extensive backtracking in awk rule regular expression -Assigned To: +Assigned To: remi
 [2014-03-25 10:16 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 11:01:28 2024 UTC