Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Webmaster Zone > Web Development
Register

Reply
 
LinkBack Thread Tools
Old 30.07.2004, 16:32   #1
панаехавший
 
Obelix's Avatar
 
Join Date: 06 2003
Location: форпост
Age: 30
Posts: 4,007
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default Apache/php problem

Ok, I don't have much time do a lot of investigation.

Below goes some recursive code. It causes apache.exe to crash when php5 is loaded as a module and php.exe to crash if the latter is run as a cgi executable.

I find that the problem is in the recursion itself, though other recursive code goes well. Can anybody help?

PHP Code:
    function DigCondition() {
        static 
$i=0;
        
        
$start 0;
        
        
// DEBUG
        
static $instance;
        
$instance ++;
                
// END DEBUG */
        
        
for($i;$i<count($this->tpl_arr);$i++) {
            if(
preg_match("/{if ([\s\S]+)}/",trim($this->tpl_arr[$i]),$extracted)) {
                
$start $i;
                
                
$this->DigCondition();
                
                if(!
$this->CheckCond($extracted[1])) {
                    for(
$j=$start;$j<=$i;$j++) {
                        
$this->tpl_arr[$i]='';
                    }
                }
            }
            
            if(
preg_match("/{else}/",trim($this->tpl_arr[$i]))) {
                    
            }
            
            if(
preg_match("/{endif}/",trim($this->tpl_arr[$i]))) {
                
$this->tpl_arr[$i]='';
                return;
            }
        } 
//for
    
//DigCondition() 
__________________
Իսկ ԴՈՒ արդեն վաճառե՞լ ես Հայրենիքդ ռուսներին:
My Exchange Rate Monitor | Իմ Արտարժույթի Մոնիտորը
Reply With Quote
Old 31.07.2004, 10:32   #2
панаехавший
 
Obelix's Avatar
 
Join Date: 06 2003
Location: форпост
Age: 30
Posts: 4,007
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

I did a couplee of tests. Seems php.exe crashes when thrown into an infinite recursion cycle. Btw, the same happens with 4.x.x .

Can anybody confirm or try that on a linux box?
Reply With Quote
Old 31.07.2004, 10:55   #3
Moderator
 
acid's Avatar
 
Join Date: 09 2001
Location: South Korea, Gumi
Posts: 7,699
Downloads: 102
Uploads: 34
Blog Entries: 16
Reputation: 561 | 6
Default

So the problem is to prevent code from running into infinite recursion or to teach php not to crash?

It's kinda hard to test this code, since in my understanding this is a part of some class, where the other member variables and functions are being used. In order to be able to test this code you should provide either the full class with testing part or simplified extraction of problematic part.
Reply With Quote
Old 31.07.2004, 11:50   #4
панаехавший
 
Obelix's Avatar
 
Join Date: 06 2003
Location: форпост
Age: 30
Posts: 4,007
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

No, actually you don't need the whole class, the following code will end up with an exception.
Code:
<?php
function foo() {
foo();
}

foo();
?>
Actually sending the script into an infinite recursive cycle is not in my interests however I would expect this to be a bug.
Reply With Quote
Old 31.07.2004, 15:11   #5
Moderator
 
acid's Avatar
 
Join Date: 09 2001
Location: South Korea, Gumi
Posts: 7,699
Downloads: 102
Uploads: 34
Blog Entries: 16
Reputation: 561 | 6
Default

I won't consider this is as a bug, because the program's stack can't be made of rubber. Stack overflow is a common thing and developer's responsibility is to prevent such situations. Throwing an exception is proper thing in this case, so developer will know that there is potential unsafe place in his code.

Cheers.
Reply With Quote
Old 31.07.2004, 15:48   #6
панаехавший
 
Obelix's Avatar
 
Join Date: 06 2003
Location: форпост
Age: 30
Posts: 4,007
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

Quote:
Originally Posted by acid
I won't consider this is as a bug, because the program's stack can't be made of rubber. Stack overflow is a common thing and developer's responsibility is to prevent such situations. Throwing an exception is proper thing in this case, so developer will know that there is potential unsafe place in his code.

Cheers.
Now, I don't know how vulnerable can the stack overflow be, however, if it is more vulnerable than something a php script is aught to be able to do there is space for concern.

After all, there are a lot of vulnerable scripts around the web which will let you execute php script on the server, but generally that won't be of much good to the bad guy. But what if the bad guy gets off executing php code resulting in a stack overflow? ...
Reply With Quote
Sponsored Links
Reply

Thread Tools


На правах рекламы:
реклама

All times are GMT. The time now is 09:54.


Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.