RE: [security] PHP has DoS vuln with large decimal points

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Daevid Vincent [mailto:daevid@xxxxxxxxxx]
> Sent: Wednesday, January 05, 2011 11:36 AM
> To: php-general@xxxxxxxxxxxxx
> Subject:  [security] PHP has DoS vuln with large decimal points
> 
> The error in the way floating-point and double-precision numbers are
> handled sends 32-bit systems running Linux, Windows, and FreeBSD into an
> infinite loop that consumes 100 percent of their CPU's resources.
> Developers are still investigating, but they say the bug appears to affect
> versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on
many
> websites to cause them to crash by adding long numbers to certain URLs.
> 
> <?php $d = 2.2250738585072011e-308; ?>
> 
> The crash is also triggered when the number is expressed without
scientific
> notation, with 324 decimal places.
> 
> Read on...
> 
> http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
> 
> --
> Daevid Vincent
> http://daevid.com
> 
> There are only 11 types of people in this world. Those that think binary
> jokes are funny, those that don't, and those that don't know binary.
> 

"The size of a float is platform-dependent, although a maximum of ~1.8e308
with a precision of roughly 14 decimal digits is a common value (the 64 bit
IEEE format)."  From [1].  The example given is clearly over the limit
within the PHP core.

This sounds like what I was mentioning before, in a different thread, about
URL hacking to induce buffer overflow.

Regards,
Tommy

[1] http://www.php.net/manual/en/language.types.float.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux