  1. Moodle
  2. MDL-55724

Infinite loop in trusttest_strip_text

Details

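    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.4, 3.1.1, 3.2
    • Fix Version/s: 3.0.6, 3.1.2
    • Component/s: General, Glossary
    • Affected Branches: MOODLE_30_STABLE, MOODLE_31_STABLE, MOODLE_32_STABLE
    • Fixed Branches: MOODLE_30_STABLE, MOODLE_31_STABLE
    • Pull Master Branch: MDL-55724-master
    • Testing Instructions: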

      WARNING - THIS TEST MAY KILL YOUR BROWSER (and will also eat server CPU for a bit) if you run it before the issue is fixed.

      1. On a test course, create a new glossary. Type a name but otherwise use default settings.
      2. Go to 'Import glossary entries'
      3. Upload attached evil_glossary.xml (leave other options default)
      4. Submit the form

      EXPECTED: You should get an error message
      BEFORE FIX: There is an infinite loop, so no response from server. If you have debugging enabled, a very large number of PHP notices will appear in your browser or error logs.


    Description

      The trusttest_strip_text function causes an infinite loop if its parameter is not a string (e.g. an array). This has two bad effects:

      1. The infinite loop occupies a server CPU until the request hits PHP time limit
      2. If warnings are enabled, a PHP warning (because of using strcmp on an array) will be output to the server log a large number of times, causing it to balloon in size and potentially fill storage.

      As you can see this is quite bad.

      I haven't found a way for students to trigger the error, but it is currently possible (and happened on our system) to trigger this error by importing an invalid glossary XML.

      Marking 'could be a security issue' as this is an easy way to trigger a server DOS, but it's generally only open to staff, so probably not a big deal. Feel free to un-mark as security issue if appropriate!

      We reproduced this on 3.0.4 but it probably applies to all previous Moodle versions back to the time when dinosaurs walked the earth. Edit - I checked and it's from 2006. That's about when stegosaurus was around, right?
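
The failure mode described above, as an added PHP sketch that is not Moodle's code and is not taken from this issue: a "strip until nothing changes" loop that never exits on an array, beside a version that rejects non-strings first. Assumptions: the marker value, all function names and the loop shape (strict comparison of a strcmp result against 0) are hypothetical, and `legacy_strcmp()` stands in for PHP 5/7 behaviour, where strcmp on an array returns null with a warning.

```php
<?php
// Added illustration; not Moodle's code. MARKER and all function names are hypothetical.
const MARKER = '#####MARKER#####';

// Stand-in for PHP 5/7 strcmp(): non-string arguments yield null plus a warning
// instead of an int (PHP 8 throws TypeError here instead).
function legacy_strcmp($a, $b) {
    if (!is_string($a) || !is_string($b)) {
        return null; // real PHP 5/7 also emits E_WARNING on every call
    }
    return strcmp($a, $b);
}

// "Before" shape: loop until a pass changes nothing. $maxpasses exists only so
// this demo terminates; the loop described in the issue has no such bound.
function strip_marker_unchecked($text, $maxpasses = 1000) {
    for ($pass = 1; $pass <= $maxpasses; $pass++) {
        $orig = $text;
        $text = str_replace(MARKER, '', $text);
        if (legacy_strcmp($orig, $text) === 0) {
            return array('result' => $text, 'passes' => $pass);
        }
    }
    return array('result' => null, 'passes' => $maxpasses); // unbounded: spins to the time limit
}

// Hardened shape: reject non-strings before entering the loop.
function strip_marker_checked($text) {
    if (!is_string($text)) {
        throw new InvalidArgumentException('strip_marker_checked() expects a string');
    }
    do {
        $orig = $text;
        $text = str_replace(MARKER, '', $text);
    } while ($orig !== $text);
    return $text;
}

// Constructed inputs: a nested marker, and an array such as an XML importer
// may hand over where a text value was expected.
var_dump(strip_marker_checked('a#####MAR#####MARKER#####KER#####b')); // nested removal
$r = strip_marker_unchecked(array('unexpected' => 'child'));
echo "unchecked passes used: {$r['passes']}\n";
try {
    strip_marker_checked(array('unexpected' => 'child'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The unchecked version uses every pass it is allowed, and on PHP 5/7 each of those passes would also write one warning to the log; the checked version fails once, before the loop.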

            People

              quen Sam Marshall
              quen Sam Marshall
              Marina Glancy
              Eloy Lafuente (stronk7)
              Andrew Lyons
              Adrian Greeve, David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie

              Dates

                Created:
                Updated:
                Resolved:
                12/Sep/16