php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #66946 fileinfo: extensive backtracking in awk rule regular expression
Submitted: 2014-03-24 07:55 UTC Modified: 2014-04-03 09:26 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.4.26 OS: irrevelant
Private report: No CVE-ID: 2013-7345
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
28 + 37 = ?
Subscribe to this entry?

 
 [2014-03-24 07:55 UTC] remi@php.net
Description:
------------
CVE-2013-7345 file: denial of service (CPU consumption) when processing certain files:

Upstream bug: http://bugs.gw.com/view.php?id=164
Upstream fix: https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c


5.6 is not affected (magic 5.17)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-03-24 07:56 UTC] remi@php.net
-CVE-ID: +CVE-ID: 2013-7345
 [2014-03-24 08:47 UTC] remi@php.net
Test script:
  <?php
  $fd = __DIR__.'/data';
  $a = str_repeat("\n", 1000000);
  file_put_contents($fd, $a);
  $fi = finfo_open(FILEINFO_NONE);
  var_dump(finfo_file($fi, $fd));
  finfo_close($fi);

Without the patch
  $ time php -n -d extension=fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m18.636s

With the patch applied
  $ time php -n -d extension=modules/fileinfo.so /tmp/foo.php 
  string(10) "ASCII text"
  real    0m0.470s
 [2014-03-24 09:15 UTC] remi@php.net
Compressed patch:
http://remi.fedorapeople.org/data-file.patch.xz
 [2014-03-25 09:58 UTC] remi@php.net
-Summary: denial of service (CPU consumption) when processing certain files +Summary: fileinfo: extensive backtracking in awk rule regular expression -Assigned To: +Assigned To: remi
 [2014-03-25 10:16 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=4374a52e9d13c480b4620c80a48591c6f883664b
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92
Log: Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC