From:             bugs-php at misc dot lka dot org dot lu
Operating system: Linux
PHP version:      5.2.3
PHP Bug Type:     PHP options/info functions
Bug description:  Provide option to limit number of logfile entries per script invocation

Description:
------------
Right now, an untrusted user can write a PHP script that seriously impacts a server by filling up its log file. Even the ignore_repeated_errors setting doesn't help here, if the script alternates between two messages.

We had this happen here accidentally, using a construct such as follows:

$fp=fopen($website,"r");
while (!feof($fp)) {
 ....
}

where the test whether $fp was a valid file handle was forgotten...

And log_errors_max_len didn't help either; apparently this covers the length of an individual log entry, rather than multiple log entries issued by the same script invocation.

In order to solve this issue, would it be possible to have one of the following solutions:

1. A max_log_lines quota which would just stop logging if reached.
2. A max_log_lines_kill quota, which would kill the script if reached
3. Some mandatory wait after each log line, to slow down the filling up of the log

Reproduce code:
---------------
<?php
$website="http://www.ruthe.de/strip/strip.pl";
$fp=fopen($website,"r"); // or die ("Cannot open url");
$bild="null";
while (!feof($fp)) {
    $a = ereg("img/strip_[0-9]+.jpg",fgets($fp,1024),$bild);
}
$url="http://www.ruthe.de/strip/".$bild[0];
//print "ruthe.de=$url";
fclose($fp);
?>

Expected result:
----------------
Script fails, but machine stays up

Actual result:
--------------
Apache error_log file fills up /var partition until machine crashes and burns...

-- 
Edit bug report at http://bugs.php.net/?id=41809&edit=1
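
Added example, not part of the original report and not code from PHP itself: a userland error handler that approximates the per-invocation quota the report asks for (options 1 and 2). MAX_LOG_LINES and KILL_ON_QUOTA are hypothetical names, not PHP ini settings, and the runaway loop at the end is constructed to mimic the two alternating messages the report says defeat ignore_repeated_errors.

```php
<?php
// Hypothetical per-request budget; these are NOT real PHP ini directives.
const MAX_LOG_LINES = 20;    // entries allowed per script invocation
const KILL_ON_QUOTA = true;  // true: abort the script (option 2)
                             // false: keep running but stop logging (option 1)

function quota_error_handler($errno, $errstr, $file, $line)
{
    static $logged = 0;  // counter lives for the duration of this request

    // Honour error_reporting and the @ operator: nothing to log.
    if (!(error_reporting() & $errno)) {
        return true;
    }

    if ($logged < MAX_LOG_LINES) {
        $logged++;
        error_log("PHP [$errno] $errstr in $file on line $line");
        return true;  // handled here; PHP's own logger is skipped
    }

    if ($logged === MAX_LOG_LINES) {
        // Write one final marker so the truncation is visible in the log.
        $logged++;
        error_log("log quota of " . MAX_LOG_LINES
            . " entries reached in $file; further entries dropped");
    }

    if (KILL_ON_QUOTA) {
        exit(1);
    }
    return true;  // over quota: swallow the entry silently
}

set_error_handler('quota_error_handler');

// Constructed runaway loop: two alternating warnings, as in the report.
// Without the handler this writes 100000 log lines; with it, 21 at most.
for ($i = 0; $i < 100000; $i++) {
    trigger_error($i % 2 ? "message A" : "message B", E_USER_WARNING);
}
```

Handlers installed with set_error_handler do not receive fatal errors, and a script can replace or restore the handler itself, so this guards against accidental loops like the one in the report rather than against an untrusted script author.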