php-general Digest 17 Jan 2011 08:17:47 -0000 Issue 7137
Topics (messages 310807 through 310816):
Re: email list 101
310807 by: Paul M Foster
Re: PHP tutorials
310808 by: Paul M Foster
310816 by: Geoffrey Van Wyk
Re: [security] PHP has DoS vuln with large decimal points
310809 by: Tommy Pham
310810 by: Tommy Pham
310811 by: Jim Lucas
310812 by: Daniel Brown
310813 by: Tommy Pham
310815 by: Tommy Pham
Re: [PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points
310814 by: Mike Robinson
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Sun, Jan 16, 2011 at 10:09:03AM -0500, Kirk Bailey wrote:
> So, in php, I want a program to handle sending out a mail list. All this
> is going to do is be a filter to exclude non subscribers, and send a
> copy to every person in the subscriber file. This is pretty simple in
> python, but this is not my mother tounge we speak here, so let's talk in
> php instead.
>
> If the submission does not come from a member, the script simply aborts.
> So the script should read the subscriber file, and if the source From:
> does not appear there, DIE. If it is there, walk the array and send a
> copy there, then end.
>
> Now how to do this in php? Is there an off the shelf solution?
There are some non-obvious issues, like throttling, which would attach
to this kind of project. Failure to consider them all might sink you.
If you simply wanted to be able to send emails from you to a bunch of
people on a list, I'd suggest PHPList. But if you want anyone to be able
to submit those emails, I'd suggest either Majordomo (Perl) or Mailman
(Python). If there's a comparable PHP solution, I'm not aware of it.
Paul
--
Paul M. Foster
http://noferblatz.com
--- End Message ---
--- Begin Message ---
On Sun, Jan 16, 2011 at 01:26:07PM -0500, tedd wrote:
> Hi gang:
>
> In the past we talked about PHP tutorials, but I don't remember if
> there was a single clearinghouse/link for them or not -- is there
> one? If not, what do you recommend?
>
> Disclaimer: This is a clear solicitation by me for help with my PHP
> class. I will be teaching this class at my local college starting
> this semester. Please realize this is the first time my local college
> has considered PHP anything of importance.
>
> In the past, the college has been totally ingrained in .NET (i.e.,
> APS, VB, C#). They believe their focus should be teaching students
> what the Corporate World wants and those needs have been defined by
> the State of Michigan and General Motors. Considering that neither of
> those institutions are financially solvent, other avenues are being
> considered.
>
> I know I can Google for "PHP tutorials", but I am looking for
> recommendations from this list as to which tutorials/references are
> the best.
I'm not sure that I wouldn't simply take one of the basic books on PHP
(like an O'Reilly) and simply follow along with how it approaches the
subject.
You might also investigate a kid named Bucky Roberts on Youtube. His
channel on Youtube is:
http://youtube.com/user/thenewboston
He has tutorials on a wide variety of languages, including PHP. Check
the playlists link on his home page (above) and look for the PHP
tutorials playlist. It appears that he doesn't do a complete work-up of
the whole language (I haven't watched the PHP tutorials), but the other
stuff he's done seems pretty basic and thorough.
If you decide to do your own video tutorials, I'd strongly suggest
hosting them at Youtube. Let them worry about traffic, bandwidth, etc.
I'd also suggest students make heavy use of the php.net/manual/en/ tree,
since (as has been frequently noted) it's some of the best programming
language documentation on the web.
Paul
--
Paul M. Foster
http://noferblatz.com
--- End Message ---
--- Begin Message ---
I like www.phpexercises.com.
On 1/17/11, Paul M Foster <[email protected]> wrote:
> On Sun, Jan 16, 2011 at 01:26:07PM -0500, tedd wrote:
>
>> Hi gang:
>>
>> In the past we talked about PHP tutorials, but I don't remember if
>> there was a single clearinghouse/link for them or not -- is there
>> one? If not, what do you recommend?
>>
>> Disclaimer: This is a clear solicitation by me for help with my PHP
>> class. I will be teaching this class at my local college starting
>> this semester. Please realize this is the first time my local college
>> has considered PHP anything of importance.
>>
>> In the past, the college has been totally ingrained in .NET (i.e.,
>> APS, VB, C#). They believe their focus should be teaching students
>> what the Corporate World wants and those needs have been defined by
>> the State of Michigan and General Motors. Considering that neither of
>> those institutions are financially solvent, other avenues are being
>> considered.
>>
>> I know I can Google for "PHP tutorials", but I am looking for
>> recommendations from this list as to which tutorials/references are
>> the best.
>
> I'm not sure that I wouldn't simply take one of the basic books on PHP
> (like an O'Reilly) and simply follow along with how it approaches the
> subject.
>
> You might also investigate a kid named Bucky Roberts on Youtube. His
> channel on Youtube is:
>
> http://youtube.com/user/thenewboston
>
> He has tutorials on a wide variety of languages, including PHP. Check
> the playlists link on his home page (above) and look for the PHP
> tutorials playlist. It appears that he doesn't do a complete work-up of
> the whole language (I haven't watched the PHP tutorials), but the other
> stuff he's done seems pretty basic and thorough.
>
> If you decide to do your own video tutorials, I'd strongly suggest
> hosting them at Youtube. Let them worry about traffic, bandwidth, etc.
>
> I'd also suggest students make heavy use of the php.net/manual/en/ tree,
> since (as has been frequently noted) it's some of the best programming
> language documentation on the web.
>
> Paul
>
> --
> Paul M. Foster
> http://noferblatz.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Tommy Pham [mailto:[email protected]]
> Sent: Thursday, January 06, 2011 5:49 PM
> To: 'Daevid Vincent'
> Cc: '[email protected]'
> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
>
> > -----Original Message-----
> > From: Daevid Vincent [mailto:[email protected]]
> > Sent: Wednesday, January 05, 2011 11:36 AM
> > To: [email protected]
> > Subject: [PHP] [security] PHP has DoS vuln with large decimal points
> >
> > The error in the way floating-point and double-precision numbers are
> > handled sends 32-bit systems running Linux, Windows, and FreeBSD into
> > an infinite loop that consumes 100 percent of their CPU's resources.
> > Developers are still investigating, but they say the bug appears to
> > affect versions 5.2 and 5.3 of PHP. They say it could be trivially
> > exploited on many websites to cause them to crash by adding long
> numbers to certain URLs.
> >
> > <?php $d = 2.2250738585072011e-308; ?>
> >
> > The crash is also triggered when the number is expressed without
> > scientific notation, with 324 decimal places.
> >
> > Read on...
> >
> > http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
> >
> > --
> > Daevid Vincent
> > http://daevid.com
> >
> > There are only 11 types of people in this world. Those that think
> > binary jokes are funny, those that don't, and those that don't know
binary.
> >
>
> "The size of a float is platform-dependent, although a maximum of ~1.8e308
> with a precision of roughly 14 decimal digits is a common value (the 64
bit
> IEEE format)." From [1]. The example given is clearly over the limit
within
> the PHP core.
>
> This sounds like what I was mentioning before, in a different thread,
about
> URL hacking to induce buffer overflow.
>
> Regards,
> Tommy
>
> [1] http://www.php.net/manual/en/language.types.float.php
I found something really weird while coding a validator for floating
protection protection.
Case 1 - known DoS / PHP hangs in infinite loop:
$value = '2.2250738585072011e-308';
var_dump(floatval($value));
Case 2 - works fine:
$value = '2.2250738585072011e-307';
or
$value = '2.2250738585072011e-309';
or
$value = '2.225073858507201e-308';
var_dump(floatval($value));
I'd expect the '2.2250738585072011e-309' to hang also on my Win x64 with PHP
FastCGI. I haven't test it on *nix platform yet. Could someone please
confirm this?
Thanks,
Tommy
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Tommy Pham [mailto:[email protected]]
> Sent: Sunday, January 16, 2011 4:18 PM
> To: '[email protected]'
> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
>
<snip>
>
> I found something really weird while coding a validator for floating
> protection protection.
>
> Case 1 - known DoS / PHP hangs in infinite loop:
>
> $value = '2.2250738585072011e-308';
> var_dump(floatval($value));
>
> Case 2 - works fine:
>
> $value = '2.2250738585072011e-307';
> or
> $value = '2.2250738585072011e-309';
> or
> $value = '2.225073858507201e-308';
>
> var_dump(floatval($value));
>
> I'd expect the '2.2250738585072011e-309' to hang also on my Win x64 with
> PHP FastCGI. I haven't test it on *nix platform yet. Could someone
please
> confirm this?
>
> Thanks,
> Tommy
Here are the results after some further tests for the same platform:
* max float value: 1.7976931348623E+308
* min float value: 9.8813129168249E-324 <<
floatval('1.0000000000000000000000e-323') weird ...
PHP wil hang when the value is between (inclusive)
floatval('2.22507385850720102e-308') -
floatval('2.22507385850720113e-308')
I can't find the bug report for the issue @ bugs.php.net. Does anyone know
if one is submitted? I should submit one? Sucribe to dev list and go from
there?
Thanks,
Tommy
--- End Message ---
--- Begin Message ---
On 1/16/2011 4:18 PM, Tommy Pham wrote:
>> -----Original Message-----
>> From: Tommy Pham [mailto:[email protected]]
>> Sent: Thursday, January 06, 2011 5:49 PM
>> To: 'Daevid Vincent'
>> Cc: '[email protected]'
>> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
>>
>>> -----Original Message-----
>>> From: Daevid Vincent [mailto:[email protected]]
>>> Sent: Wednesday, January 05, 2011 11:36 AM
>>> To: [email protected]
>>> Subject: [PHP] [security] PHP has DoS vuln with large decimal points
>>>
>>> The error in the way floating-point and double-precision numbers are
>>> handled sends 32-bit systems running Linux, Windows, and FreeBSD into
>>> an infinite loop that consumes 100 percent of their CPU's resources.
>>> Developers are still investigating, but they say the bug appears to
>>> affect versions 5.2 and 5.3 of PHP. They say it could be trivially
>>> exploited on many websites to cause them to crash by adding long
>> numbers to certain URLs.
>>>
>>> <?php $d = 2.2250738585072011e-308; ?>
>>>
>>> The crash is also triggered when the number is expressed without
>>> scientific notation, with 324 decimal places.
>>>
>>> Read on...
>>>
>>> http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
>>>
>>> --
>>> Daevid Vincent
>>> http://daevid.com
>>>
>>> There are only 11 types of people in this world. Those that think
>>> binary jokes are funny, those that don't, and those that don't know
> binary.
>>>
>>
>> "The size of a float is platform-dependent, although a maximum of ~1.8e308
>> with a precision of roughly 14 decimal digits is a common value (the 64
> bit
>> IEEE format)." From [1]. The example given is clearly over the limit
> within
>> the PHP core.
>>
>> This sounds like what I was mentioning before, in a different thread,
> about
>> URL hacking to induce buffer overflow.
>>
>> Regards,
>> Tommy
>>
>> [1] http://www.php.net/manual/en/language.types.float.php
>
> I found something really weird while coding a validator for floating
> protection protection.
>
> Case 1 - known DoS / PHP hangs in infinite loop:
>
> $value = '2.2250738585072011e-308';
> var_dump(floatval($value));
>
> Case 2 - works fine:
>
> $value = '2.2250738585072011e-307';
> or
> $value = '2.2250738585072011e-309';
> or
> $value = '2.225073858507201e-308';
>
> var_dump(floatval($value));
>
> I'd expect the '2.2250738585072011e-309' to hang also on my Win x64 with PHP
> FastCGI. I haven't test it on *nix platform yet. Could someone please
> confirm this?
>
> Thanks,
> Tommy
>
>
Seems to work fine for me.
$ cat float.php
<?php
echo "Example 1\n";
$value = 2.2250738585072011e-307;
var_dump(floatval($value));
var_dump($value);
echo "Example 2\n";
$value = 2.2250738585072011e-308;
var_dump(floatval($value));
var_dump($value);
echo "Example 3\n";
$value = 2.2250738585072011e-309;
var_dump(floatval($value));
var_dump($value);
echo "Example 4\n";
$value = 2.225073858507201e-308;
var_dump(floatval($value));
var_dump($value);
?>
$ php -f float.php
Example 1
float(2.2250738585072E-307)
float(2.2250738585072E-307)
Example 2
float(2.2250738585072E-308)
float(2.2250738585072E-308)
Example 3
float(2.2250738585072E-309)
float(2.2250738585072E-309)
Example 4
float(2.2250738585072E-308)
float(2.2250738585072E-308)
$ uname -a
OpenBSD serv0.cmsws.com 4.3 GENERIC#698 i386
$ php -v
PHP 5.2.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Mar 11 2008 13:08:50)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with Suhosin v0.9.20, Copyright (c) 2002-2006, by Hardened-PHP Project
No infinite loop. I like my system... :)
Jim Lucas
--- End Message ---
--- Begin Message ---
On Sun, Jan 16, 2011 at 21:00, Tommy Pham <[email protected]> wrote:
>
> Here are the results after some further tests for the same platform:
>
> * max float value: 1.7976931348623E+308
> * min float value: 9.8813129168249E-324 <<
> floatval('1.0000000000000000000000e-323') weird ...
>
> PHP wil hang when the value is between (inclusive)
>
> floatval('2.22507385850720102e-308') -
> floatval('2.22507385850720113e-308')
>
> I can't find the bug report for the issue @ bugs.php.net. Does anyone know
> if one is submitted? I should submit one? Sucribe to dev list and go from
> there?
If in doubt, file a bug. Worse comes to worst, it will be marked
as bogus or a duplicate. For security-related things, send them to
[email protected], not to the General list. Again, if it's of no
concern, it will simply be ignored as bogus or already known.
--
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Jim Lucas [mailto:[email protected]]
> Sent: Sunday, January 16, 2011 6:54 PM
> To: Tommy Pham
> Cc: [email protected]
> Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
>
> On 1/16/2011 4:18 PM, Tommy Pham wrote:
> >> -----Original Message-----
> >> From: Tommy Pham [mailto:[email protected]]
> >> Sent: Thursday, January 06, 2011 5:49 PM
> >> To: 'Daevid Vincent'
> >> Cc: '[email protected]'
> >> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal
> >> points
> >>
> >>> -----Original Message-----
> >>> From: Daevid Vincent [mailto:[email protected]]
> >>> Sent: Wednesday, January 05, 2011 11:36 AM
> >>> To: [email protected]
> >>> Subject: [PHP] [security] PHP has DoS vuln with large decimal points
> >>>
> >>> The error in the way floating-point and double-precision numbers are
> >>> handled sends 32-bit systems running Linux, Windows, and FreeBSD
> >>> into an infinite loop that consumes 100 percent of their CPU's
resources.
> >>> Developers are still investigating, but they say the bug appears to
> >>> affect versions 5.2 and 5.3 of PHP. They say it could be trivially
> >>> exploited on many websites to cause them to crash by adding long
> >> numbers to certain URLs.
> >>>
> >>> <?php $d = 2.2250738585072011e-308; ?>
> >>>
> >>> The crash is also triggered when the number is expressed without
> >>> scientific notation, with 324 decimal places.
> >>>
> >>> Read on...
> >>>
> >>> http://www.theregister.co.uk/2011/01/04/weird_php_dos_vuln/
> >>>
> >>> --
> >>> Daevid Vincent
> >>> http://daevid.com
> >>>
> >>> There are only 11 types of people in this world. Those that think
> >>> binary jokes are funny, those that don't, and those that don't know
> > binary.
> >>>
> >>
> >> "The size of a float is platform-dependent, although a maximum of
> >> ~1.8e308 with a precision of roughly 14 decimal digits is a common
> >> value (the 64
> > bit
> >> IEEE format)." From [1]. The example given is clearly over the
> >> limit
> > within
> >> the PHP core.
> >>
> >> This sounds like what I was mentioning before, in a different thread,
> > about
> >> URL hacking to induce buffer overflow.
> >>
> >> Regards,
> >> Tommy
> >>
> >> [1] http://www.php.net/manual/en/language.types.float.php
> >
> > I found something really weird while coding a validator for floating
> > protection protection.
> >
> > Case 1 - known DoS / PHP hangs in infinite loop:
> >
> > $value = '2.2250738585072011e-308';
> > var_dump(floatval($value));
> >
> > Case 2 - works fine:
> >
> > $value = '2.2250738585072011e-307';
> > or
> > $value = '2.2250738585072011e-309';
> > or
> > $value = '2.225073858507201e-308';
> >
> > var_dump(floatval($value));
> >
> > I'd expect the '2.2250738585072011e-309' to hang also on my Win x64 with
> PHP
> > FastCGI. I haven't test it on *nix platform yet. Could someone please
> > confirm this?
> >
> > Thanks,
> > Tommy
> >
> >
>
> Seems to work fine for me.
>
> $ cat float.php
> <?php
>
> echo "Example 1\n";
> $value = 2.2250738585072011e-307;
> var_dump(floatval($value));
> var_dump($value);
>
> echo "Example 2\n";
> $value = 2.2250738585072011e-308;
> var_dump(floatval($value));
> var_dump($value);
>
> echo "Example 3\n";
> $value = 2.2250738585072011e-309;
> var_dump(floatval($value));
> var_dump($value);
>
> echo "Example 4\n";
> $value = 2.225073858507201e-308;
> var_dump(floatval($value));
> var_dump($value);
>
> ?>
> $ php -f float.php
> Example 1
> float(2.2250738585072E-307)
> float(2.2250738585072E-307)
> Example 2
> float(2.2250738585072E-308)
> float(2.2250738585072E-308)
> Example 3
> float(2.2250738585072E-309)
> float(2.2250738585072E-309)
> Example 4
> float(2.2250738585072E-308)
> float(2.2250738585072E-308)
>
> $ uname -a
> OpenBSD serv0.cmsws.com 4.3 GENERIC#698 i386 $ php -v PHP 5.2.5 with
> Suhosin-Patch 0.9.6.2 (cli) (built: Mar 11 2008 13:08:50) Copyright (c)
1997-
> 2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend
> Technologies
> with Suhosin v0.9.20, Copyright (c) 2002-2006, by Hardened-PHP Project
>
> No infinite loop. I like my system... :)
>
> Jim Lucas
Hi Jim,
Thanks for the confirmation. It appears that the bug is with the official
binary Windows distribution PHP 5.3.3 NTS and most likely with 5.3.3. I
just upgrade to NTS 5.3.5 and works fine now. It also runs fine against
unofficial PHP 5.2.5 x64 Windows ISAPI.
Thanks,
Tommy
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Daniel Brown
> Sent: Sunday, January 16, 2011 7:00 PM
> To: Tommy Pham
> Cc: PHP General; PHP Internals List; [email protected]
> Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
>
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham <[email protected]> wrote:
> >
> > Here are the results after some further tests for the same platform:
> >
> > * max float value: 1.7976931348623E+308
> > * min float value: 9.8813129168249E-324 <<
> > floatval('1.0000000000000000000000e-323') weird ...
> >
> > PHP wil hang when the value is between (inclusive)
> >
> > floatval('2.22507385850720102e-308') -
> > floatval('2.22507385850720113e-308')
> >
> > I can't find the bug report for the issue @ bugs.php.net. Does anyone
> > know if one is submitted? I should submit one? Sucribe to dev list
> > and go from there?
>
> If in doubt, file a bug. Worse comes to worst, it will be marked as
bogus or
> a duplicate. For security-related things, send them to [email protected],
> not to the General list. Again, if it's of no concern, it will simply be
ignored
> as bogus or already known.
>
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/
Thanks Dan. I'll keep it in mind for the future. For interested parties,
that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
the current official 5.3.5 NTS VC9.
Thanks,
Tommy
--- End Message ---
--- Begin Message ---
On 2011-01-16, at 9:59 PM, Daniel Brown <[email protected]> wrote:
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham <[email protected]> wrote:
>>
>> Here are the results after some further tests for the same platform:
>>
>> * max float value: 1.7976931348623E+308
>> * min float value: 9.8813129168249E-324 <<
>> floatval('1.0000000000000000000000e-323') weird ...
>>
>> PHP wil hang when the value is between (inclusive)
>>
>> floatval('2.22507385850720102e-308') -
>> floatval('2.22507385850720113e-308')
>>
>> I can't find the bug report for the issue @ bugs.php.net. Does anyone know
>> if one is submitted? I should submit one? Sucribe to dev list and go from
>> there?
>
> If in doubt, file a bug. Worse comes to worst, it will be marked
> as bogus or a duplicate. For security-related things, send them to
> [email protected], not to the General list. Again, if it's of no
> concern, it will simply be ignored as bogus or already known
Is this not it?
http://bugs.php.net/53632
Best Regards
Mike Robinson
--- End Message ---
