ID: 15153 Updated by: sander Reported By: [EMAIL PROTECTED] Status: Open Old Bug Type: *Directory/Filesystem functions Bug Type: Documentation problem Operating System: Linux 2.2.20 (Redhat 5.2) PHP Version: 4.1.1 New Comment:
Reclassified as a documentation problem. Previous Comments: ------------------------------------------------------------------------ [2002-01-21 16:23:16] [EMAIL PROTECTED] A piece of code that you have at http://www.php.net/manual/en/function.readdir.php leads to system DoS with php-4.1.1, Linux 2.2.20, apache 1.3.22: Example 1. List all files in the current directory <?php $handle=opendir('.'); echo "Directory handle: $handle\n"; echo "Files:\n"; while (false !== ($file = readdir($handle))) { echo "$file\n"; } closedir($handle); ?> When this code is executed, php enters a loop writing this line to the log file an infinite number of times: [date] PHP Warning: Supplied argument is not a valid Directory resource in /path/to/script.php on line 5. Httpd uses all processor time and finally fills the partition in which the log file is located. The problem seems to be the dot in the function call because the script works normally if the dot is replaced with an absolute path name. My apacle 1.3.22 web server includes the following modules: mod_ssl 2.8.5, mod_perl 1.26, php-3.0.18, php-4.1.1. Php-4.1.1 has been compiled as a dynamic module with the following options: --enable-versioning --with-apxs --with-mysql --with-xml --enable-calendar --enable-memory-limit --enable-session --enable-safe-mode --with-openssl --enable-bcmath --with-gd I also tried this with php-4.0.6 and the result is the same. ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=15153&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
