DoS by passing a double number on the path /node/, like:

http://mydrupalsite/node/2.2250738585072011e-308

This bug is related to PHP bug #53632 - PHP hangs on numeric value 2.2250738585072011e-308:

http://bugs.php.net/bug.php?id=53632

Comments

manoelhc’s picture

Title: Denial of Service using an double number on path /node/ » Denial of Service passing a double number on path /node/
manoelhc’s picture

Title: Denial of Service passing a double number on path /node/ » Denial of Service on passing a double number on path /node/
jgknight’s picture

I wouldn't call it critical... PHP eventually times out and serves a 404 not found, and the site is still accessible to other users, so I wouldn't call this a denial of service. Plus it's with PHP, not Drupal.

Chris Charlton’s picture

I read about PHP having an issue with that number. http://www.exploringbinary.com/php-hangs-on-numeric-value-2-225073858507...

paul kim consulting’s picture

This is a serious bug! It has the potential to bring down an entire production site.

This is the original blog post about this php bug: http://www.exploringbinary.com/php-hangs-on-numeric-value-2-225073858507...

manoelhc’s picture

Well, I got this bug just by passing this number in $_GET['q']

manoelhc’s picture

It's a PHP bug, but I think it can be avoided just by checking variable types, no?
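The type check suggested above, as an added example that is not part of the original thread and is not Drupal's code: it validates the /node/ path segment with string functions only, because is_numeric(), float casts and loose numeric comparisons all parse the string as a double. The helper name node_id_from_path() is hypothetical and the sample paths are constructed.

```php
<?php
// Added example, not Drupal code. node_id_from_path() is a hypothetical helper.

/**
 * Return the node ID from a path such as "node/123", or null when the
 * second segment is not a plain decimal integer. Only string functions
 * touch the value, so it is never parsed as a floating-point number.
 */
function node_id_from_path($path) {
  $parts = explode('/', trim((string) $path, '/'));
  if (count($parts) < 2 || $parts[0] !== 'node') {
    return null;
  }
  $segment = $parts[1];

  // ctype_digit() on a string accepts only the characters 0-9, so ".",
  // "e", "+" and "-" (everything a float literal needs) are rejected.
  if ($segment === '' || strlen($segment) > 10 || !ctype_digit($segment)) {
    return null;
  }
  // No leading zeros: "007" is not a canonical ID.
  if (strlen($segment) > 1 && $segment[0] === '0') {
    return null;
  }
  // Bound the value to a signed 32-bit range with a string comparison,
  // still without any numeric conversion.
  if (strlen($segment) === 10 && strcmp($segment, '2147483647') > 0) {
    return null;
  }
  // Safe now: the string is 1-10 digits and fits in an int.
  return (int) $segment;
}

// Constructed sample inputs, including the value from this issue.
$samples = array(
  'node/42',
  'node/2.2250738585072011e-308',
  'node/1e5',
  'node/-7',
  'node/007',
  'node/99999999999',
  'user/1',
);
foreach ($samples as $p) {
  $id = node_id_from_path($p);
  printf("%-32s => %s\n", $p, $id === null ? 'rejected' : "node $id");
}
```

A check like this only protects the code path it guards; any other place where request data reaches a float conversion is still exposed until PHP itself is patched.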

chx’s picture

Status: Active » Closed (won't fix)

Drupal cannot possibly fix this. Recompile your PHP with either -O0 or -O2 -ffloat-store; optionally, grab a branch tip from PHP svn, because it was fixed a couple of hours ago, and compile that.