  1. Moodle
  2. MDL-55724

Infinite loop in trusttest_strip_text

    • Bug
    • Resolution: Fixed
    • Minor
    • 3.0.6, 3.1.2
    • 3.0.4, 3.1.1, 3.2
    • General, Glossary
    • MOODLE_30_STABLE, MOODLE_31_STABLE, MOODLE_32_STABLE
    • MOODLE_30_STABLE, MOODLE_31_STABLE
    • MDL-55724-master

      WARNING - THIS TEST MAY KILL YOUR BROWSER (and will also eat server CPU for a bit) if you run it before the issue is fixed.

      1. On a test course, create a new glossary. Type a name but otherwise use default settings.
      2. Go to 'Import glossary entries'
      3. Upload attached evil_glossary.xml (leave other options default)
      4. Submit the form

      EXPECTED: You should get an error message
      BEFORE FIX: There is an infinite loop, so no response from server. If you have debugging enabled, a very large number of PHP notices will appear in your browser or error logs.

      The trusttest_strip_text function causes an infinite loop if its parameter is not a string (e.g. an array). This has two bad effects:

      1. The infinite loop occupies a server CPU until the request hits the PHP time limit
      2. If warnings are enabled, a PHP warning (because of using strcmp on an array) will be output to the server log a large number of times, causing it to balloon in size and potentially fill storage.

      As you can see this is quite bad.

      I haven't found a way for students to trigger the error, but it is currently possible (and happened on our system) to trigger this error by importing an invalid glossary XML.

      Marking 'could be a security issue' as this is an easy way to trigger a server DOS, but it's generally only open to staff, so probably not a big deal. Feel free to un-mark as security issue if appropriate!

      We reproduced this on 3.0.4 but it probably applies to all previous Moodle versions back to the time when dinosaurs walked the earth. Edit - I checked and it's from 2006. That's about when stegosaurus was around, right?

            Sam Marshall (quen)
            Marina Glancy
            Eloy Lafuente (stronk7)
            Andrew Lyons
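
An added example, not Moodle's code and not part of the original report: one loop shape that produces the behaviour described above (a strcmp()-based exit test that can never pass when the argument is an array), beside a guarded form. The function names, the MARKER constant and the strip-until-unchanged loop body are assumptions made for illustration.

```php
<?php
// Hypothetical names throughout; MARKER is a constructed placeholder value.
const MARKER = '#####MARKER#####';

/**
 * Unguarded shape (shown for comparison, never called below).
 * str_replace() accepts an array subject and returns an array. On the PHP
 * versions current when the report was filed, strcmp() on an array emits a
 * warning and returns null, so `null === 0` is false on every pass and the
 * loop never exits. PHP 8 throws a TypeError from strcmp() instead.
 */
function strip_marker_unguarded($text) {
    while (true) {
        $orig = $text;
        $text = str_replace(MARKER, '', $text);
        if (strcmp($orig, $text) === 0) {
            return $text;
        }
    }
}

/**
 * Guarded shape: reject non-strings before entering the loop, and detect
 * "nothing changed" with !== so the exit test does not depend on the
 * return value of a function that can fail on bad input.
 */
function strip_marker_guarded($text): string {
    if (!is_string($text)) {
        throw new InvalidArgumentException('expected string, got ' . gettype($text));
    }
    do {
        $orig = $text;
        $text = str_replace(MARKER, '', $text);
    } while ($orig !== $text);
    return $text;
}

// Constructed input 1: a marker nested inside another marker, which needs
// more than one pass to remove completely.
$nested = '#####MAR' . MARKER . 'KER#####hello';
var_dump(strip_marker_guarded($nested));

// Constructed input 2: an array standing in for the non-string value that
// reached the function in the report.
try {
    strip_marker_guarded(['text' => 'hello']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```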