ID: 15292
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Apache related
Operating System: RedHat 7.1
PHP Version: 4.1.1
New Comment:
Ok, so if someone is running a site (For users) the users could do this
and cause sites to go down with just a few lines of code?
adding include_once; didn't work unless it occompanied by return;
eg...
//test (This is where the bug starts.)
default:
$file="$loca/bug2.php";
return;
}
include_once($file);
There should be some sort of limit on this? Unless there is and I don't
know of it. if there is I'm sorry. I have searched for something like
this and haven't come across anything.
Jason
Previous Comments:
------------------------------------------------------------------------
[2002-01-30 02:41:58] [EMAIL PROTECTED]
User include_once to prevent this... not a bug > bogus.
Derick
------------------------------------------------------------------------
[2002-01-30 02:32:43] [EMAIL PROTECTED]
Ok, so there is no way to really stop this? Just let it continue
forever? (Until you restart apache?)
Cause yes that is basicly it, it just includes the file over and over.
------------------------------------------------------------------------
[2002-01-30 02:18:00] [EMAIL PROTECTED]
Status should have been feedback.
------------------------------------------------------------------------
[2002-01-30 02:10:12] [EMAIL PROTECTED]
Correct me I am wrong, but you seem to be saying that your
script includes a file via HTTP which is either itself or
another file which includes itself or the original (I cannot
tell from your description). But yes, if a script needs to
include itself than that will create an infinite loop.
There is no way that the scripting engine could preemptively
terminate this loop when HTTP based includes are being used.
Reopen if I have mis-understood.
------------------------------------------------------------------------
[2002-01-30 01:59:42] [EMAIL PROTECTED]
<?
$loca="http://www.bloodheart.com/php";;
switch ($id)
{
//test1
case blank1:
$file="$loca/blank1";
break;
//test2
case blank2:
$file="$loca/blank2";
break;
//test (This is where the bug starts.)
// Note if you copy this file to another file and set the default as
thatfilename (with .php ext)
// Then spawns maxclients for apache, and stays that way forever,
a very nasy loop. or until you restart apache
// *Example*
// default:
// $file="$loca/bug2.php";
default:
$file="$loca/blank3";
break;
}
?>
--CONFIGLINE
./configure --with-mysql=/usr/local/mysql \
--enable-track-vars \
--with-apache=../apache_1.3.22 \
--with-mm=../mm-1.1.3 \
--with-openssl=../openssl-0.9.6c \
--with-config-file-path=/usr/local/lib/php
I don't recall this happening with an earlier version of php.
This just started with 4.1.1
If you need anymore information please let me know
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=15292&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
