extensive backtracking in awk rule regular expression
[2014-03-24 07:56 UTC] remi@php.net
-CVE-ID:
+CVE-ID: 2013-7345
[2014-03-24 08:47 UTC] remi@php.net
Test script:

<?php
// Build a file of 1,000,000 newlines.
$fd = __DIR__.'/data';
$a = str_repeat("\n", 1000000);
file_put_contents($fd, $a);

// Run fileinfo detection on the file and print the result.
$fi = finfo_open(FILEINFO_NONE);
var_dump(finfo_file($fi, $fd));
finfo_close($fi);

Without the patch

$ time php -n -d extension=fileinfo.so /tmp/foo.php
string(10) "ASCII text"
real 0m18.636s

With the patch applied

$ time php -n -d extension=modules/fileinfo.so /tmp/foo.php
string(10) "ASCII text"
real 0m0.470s
[2014-03-25 09:58 UTC] remi@php.net
-Summary: denial of service (CPU consumption) when processing certain files
+Summary: fileinfo: extensive backtracking in awk rule regular expression
-Assigned To:
+Assigned To: remi
[2014-03-25 10:16 UTC] remi@php.net
-Status: Assigned
+Status: Closed