RE: [security] PHP has DoS vuln with large decimal points


 



> -----Original Message-----
> From: Tommy Pham [mailto:tommyhp2@xxxxxxxxx]
> Sent: Sunday, January 16, 2011 4:18 PM
> To: 'php-general@xxxxxxxxxxxxx'
> Subject: RE:  [security] PHP has DoS vuln with large decimal points
> 

<snip>

> 
> I found something really weird while coding a validator for floating
> point protection.
> 
> Case 1 - known DoS / PHP hangs in infinite loop:
> 
>   $value = '2.2250738585072011e-308';
>   var_dump(floatval($value));
> 
> Case 2 - works fine:
> 
>   $value = '2.2250738585072011e-307';
> or
>   $value = '2.2250738585072011e-309';
> or
>   $value = '2.225073858507201e-308';
> 
>   var_dump(floatval($value));
> 
> I'd expect the '2.2250738585072011e-309' to hang also on my Win x64 with
> PHP FastCGI.  I haven't tested it on *nix platform yet.   Could someone please
> confirm this?
> 
> Thanks,
> Tommy

Here are the results after some further tests for the same platform:

* max float value: 1.7976931348623E+308
* min float value:  9.8813129168249E-324  << floatval('1.0000000000000000000000e-323') weird ...

PHP will hang when the value is between (inclusive)

floatval('2.22507385850720102e-308')  -
floatval('2.22507385850720113e-308')

I can't find the bug report for the issue @ bugs.php.net.  Does anyone know
if one is submitted?  Should I submit one?  Subscribe to dev list and go from
there?

Thanks,
Tommy
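
An added example, not part of the original message and not PHP project code: a pre-check of the kind the post describes, which flags input inside the reported inclusive range using only regex and string comparison, so the string is never converted to a float. The function name, the handling of equivalent spellings (shifted decimal point, leading zeros, sign, trailing text) and the sample inputs are assumptions made here; the bounds are the two values given above.

```php
<?php
// Added example. Bounds are the inclusive range reported in the message above.
const HANG_EXP  = -308;
const HANG_LOW  = '222507385850720102'; // digits of 2.22507385850720102e-308
const HANG_HIGH = '222507385850720113'; // digits of 2.22507385850720113e-308

// Hypothetical helper: true if the leading decimal literal in $s lies in the range.
function in_reported_hang_range($s)
{
    // Read the numeric prefix as a float conversion would (sign ignored,
    // trailing text ignored). Nothing here converts $s to a number.
    if (!preg_match('/^\s*[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?)(\d+))?/', $s, $m)) {
        return false;
    }
    $int  = isset($m[1]) ? $m[1] : '';
    $frac = isset($m[2]) ? $m[2] : '';
    $mant = ltrim($int . $frac, '0');
    if ($mant === '') {
        return false;                    // no digits, or the value is zero
    }
    $expDigits = ltrim(isset($m[4]) ? $m[4] : '', '0');
    if (strlen($expDigits) > 9) {
        return false;                    // exponent far outside the range
    }
    $exp = (int) $expDigits;             // plain digits only, at most 9
    if (isset($m[3]) && $m[3] === '-') {
        $exp = -$exp;
    }
    // Exponent of the value when written as d.ddd...e<sci>
    $sci = strlen($mant) - 1 + $exp - strlen($frac);
    if ($sci !== HANG_EXP) {
        return false;
    }
    // Compare digit strings of equal length with strcmp(); the < and >
    // operators would convert numeric strings to floats.
    $len = max(strlen($mant), strlen(HANG_LOW));
    $d   = str_pad($mant, $len, '0');
    return strcmp($d, str_pad(HANG_LOW, $len, '0')) >= 0
        && strcmp($d, str_pad(HANG_HIGH, $len, '0')) <= 0;
}

// Constructed sample inputs: the first three are spellings of the Case 1 value.
$samples = array('2.2250738585072011e-308', '22.250738585072011E-309',
                 '0.00022250738585072011e-304', '2.2250738585072011e-307',
                 '2.225073858507201e-308');
foreach ($samples as $v) {
    echo str_pad($v, 30), in_reported_hang_range($v) ? "reject\n" : "ok\n";
}
```

The check has to run before any call that would parse the string as a number, such as floatval() or a loose comparison against a numeric value.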


