Edit report at https://bugs.php.net/bug.php?id=61068&edit=1
ID: 61068 Updated by: ahar...@php.net Reported by: bald at epf dot pl Summary: Regexp crashes http server -Status: Open +Status: Feedback Type: Bug -Package: *Regular Expressions +Package: PCRE related Operating System: Windows 7 PHP Version: 5.3.10 Block user comment: N Private report: N New Comment: Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32 Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better. Works for me, too. I don't think we can really progress this without a backtrace. Previous Comments: ------------------------------------------------------------------------ [2012-02-13 11:37:25] bald at epf dot pl Apache version: 2.2.22 I downloaded thread safe version of PHP. Works fine when I use command line: php test.php ------------------------------------------------------------------------ [2012-02-13 10:43:55] bald at epf dot pl Sorry, it's Windows 7. Apache logs does not really say anything. This regular expression just kills my httpd.exe proccess. Works fine without character < at the begining of the $string variable. ------------------------------------------------------------------------ [2012-02-13 09:01:19] ras...@php.net I was unable to reproduce any sort of Apache crash with this code on Linux. Are you really on XP? What does it say in your Apache logs? ------------------------------------------------------------------------ [2012-02-13 08:53:02] bald at epf dot pl Description: ------------ Regular expression crashes http server. It's all because character < at the beginning of te string. Test script: --------------- <?php $string = '< PASS_COUNT; i++) { if (strcmp(password, PASSWD2) == 0) continue; } c++; if (c == 3) break; } // Tu wlasciwe sprawdzanie hasla }dku gdy liczy sie wydajnosc, gdyz petle zabieraja niestety troche czasu :( ale jest to niewiele i w sumie to nie czuc roznicy. Kolejna sprawa jest sposob porownywania hasla. NIGDY nie dokonuj deszyfracji klucza w programie (mam nadzieje ze chociaz szyfrujesz klucze :)). Jest to pierwsza i najwazniejsza zasada ! Wiec jak sprawdzic czy wprowadzony klucz jest poprawny. Zaszyfruj go i porownaj zaszyfrowane klucze. Ktos kto sledzi Twoj program ma wtedy utrudnione zadanie, a gdy poprawny klucz jest deszyfrowany to ktos sobie przejdzie do momentu az klucz bedzie zdeszyforwany i tylko go spisze. Od metody szyfracji zalezy bezpieczenstwo Twojego programu wiec staraj sie dobierac algorytm, ktory dobrze szyfruje (nie mowie tu o Triple-DES itp. ;) ). Marzeniem bylby algorytm jednostronny, ktorego odszyfrowania jest trudniejsze niz brute-force ale na to nie licz. Najlepiej '; preg_match('~(</?)(\w*)((/(?!>)|[^/>])*)(/?>)~', $string, $matches); ?> Expected result: ---------------- Blank page. Actual result: -------------- Apache fails. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=61068&edit=1
