> -----Original Message----- > From: Daevid Vincent [mailto:daevid@xxxxxxxxxx] > Sent: Wednesday, January 05, 2011 11:36 AM > To: php-general@xxxxxxxxxxxxx > Subject: [security] PHP has DoS vuln with large decimal points > > The error in the way floating-point and double-precision numbers are > handled sends 32-bit systems running Linux, Windows, and FreeBSD into an > infinite loop that consumes 100 percent of their CPU's resources. > Developers are still investigating, but they say the bug appears to affect > versions 5.2 and 5.3 of PHP. They say it could be trivially exploited on many > websites to cause them to crash by adding long numbers to certain URLs. > > <?php $d = 2.2250738585072011e-308; ?> > > The crash is also triggered when the number is expressed without scientific > notation, with 324 decimal places. > > Read on... > > http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/ > > -- > Daevid Vincent > http://daevid.com > > There are only 11 types of people in this world. Those that think binary > jokes are funny, those that don't, and those that don't know binary. > "The size of a float is platform-dependent, although a maximum of ~1.8e308 with a precision of roughly 14 decimal digits is a common value (the 64 bit IEEE format)." From [1]. The example given is clearly over the limit within the PHP core. This sounds like what I was mentioning before, in a different thread, about URL hacking to induce buffer overflow. Regards, Tommy [1] http://www.php.net/manual/en/language.types.float.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
