Fix for PHP floating point bug crashing servers (not caused by Zoom)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fix for PHP floating point bug crashing servers (not caused by Zoom)

    This is a general notice to people running PHP sites out there. Please note that it is NOT a problem caused by Zoom - any PHP script on your website (e.g. your forum, CMS, etc.) could be susceptible to this problem.

    There has been a recent discovery of a serious bug in the PHP scripting engine that causes it to crash when a particular floating point number: 2.2250738585072011e-308 is assigned to a variable. This means many servers out there are now vulnerable to being made to crash (technically, it just locks up a CPU at 100% until the process is killed or restarted, but it can lead to a server being made unavailable) simply by having a user submit that value to a PHP page (e.g. think a login name, or a forum post, etc.).

    You should check if you are vulnerable to this and contact your web host for help. They should update to the latest version of PHP (which has fixed this problem) if necessary, but many web hosts can be slow on the task.
    Note that it reportedly only seems to be affecting 32-bit builds of the PHP engine, and not the 64-bit builds.

    A short term fix would be to add the following code to the start of a PHP script to prevent this from happening. It will abort any attempt to use the problematic floating point number when submitted by an attacker:
    Code:
     // Protection from floating point bug in PHP engine
     if (strpos(str_replace('.', '', serialize($_REQUEST)), '22250738585072011') !== false) 
     {
         header('Status: 422 Unprocessable Entity');
         die();
     }
    More information can be found on the PHP bugs website here:
    http://bugs.php.net/bug.php?id=53632

    Thanks to Jefferson F. Scher for contacting us about this. A modified version of the fix he suggested is above.
    --Ray
    Wrensoft Web Software
    Sydney, Australia
    Zoom Search Engine
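
The snippet in the post above checks a flattened serialize() of $_REQUEST. As an added example (not Ray's code and not part of the original post), the same idea can be written as a reusable function that walks nested request arrays directly and returns a boolean, so it can be unit-tested on constructed input before being wired in. Function names, the sample arrays and the 422 status-line form are choices made here, not taken from the post.

```php
<?php
// Added example, not from the original post: a reusable form of the
// request check. It compares raw strings only, so the problematic value
// is never converted to a float while it is being inspected.

/**
 * Return true if $value (a string, or a nested array of strings as PHP
 * builds $_GET/$_POST/$_REQUEST) contains the digit sequence of
 * 2.2250738585072011e-308 once dots are removed. Removing the dots means
 * equivalent spellings such as "22250738585072011e-324" or
 * ".22250738585072011e-307" are caught as well.
 */
function contains_fpu_lockup_value($value)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_fpu_lockup_value($item)) {
                return true;
            }
        }
        return false;
    }
    if (!is_string($value)) {
        return false;
    }
    // String comparison only: (float)$value or $value + 0 is exactly the
    // conversion that must not happen before the check has run.
    return strpos(str_replace('.', '', $value), '22250738585072011') !== false;
}

/**
 * Call this before any other code touches the request. On a match it ends
 * the request with a 422, using the "HTTP/" status-line form that PHP's
 * header() documents for setting the response status.
 */
function reject_fpu_lockup_request(array $request)
{
    if (contains_fpu_lockup_value($request)) {
        header('HTTP/1.1 422 Unprocessable Entity');
        exit;
    }
}

// Constructed sample inputs for a quick self-check from the command line
// (php this_file.php); in a web script you would call
// reject_fpu_lockup_request($_REQUEST) instead.
$samples = array(
    'plain'   => array('user' => 'alice', 'q' => '3.14'),
    'direct'  => array('user' => '2.2250738585072011e-308'),
    'shifted' => array('user' => '22250738585072011e-324'),
    'nested'  => array('form' => array('field' => array('.22250738585072011e-307'))),
);
foreach ($samples as $name => $request) {
    printf("%-8s %s\n", $name, contains_fpu_lockup_value($request) ? 'blocked' : 'ok');
}
```

Like the snippet in the post, this is a pattern filter on the decimal digits, so it is a stopgap until the host upgrades PHP; it also only covers values arriving through the request arrays, not strings read from other sources (files, databases, raw php://input) that the script later casts to float.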

  • #2
    Although this is a very serious bug in PHP, there might be a mitigating factor on many shared hosting servers.

    Many shared hosting servers running Apache will have the RLimitCPU value set on the Apache httpd.conf file.

    The RLimitCPU value should stop (kill) the execution of any PHP code that runs for more than the limit set (often a few seconds on shared hosting).
    http://www.apacheref.com/ref/http_core/RLimitCPU.html

    Luckily our own server is running 64-bit PHP.

    Also just some additional info. The error appears in both the current PHP 5.2.x and 5.3.x, including 5.2.16. It also only affects Intel based CPUs using the x87 FPU (i.e. most Intel CPUs).

    • #3
      Update: Seems RLimitCPU might not help as the execution time exceeded flag is only checked between individual PHP commands, and this lockup occurs inside a single PHP command.

      There is also a more detailed technical explanation here:
      http://news.ycombinator.com/item?id=2066352
