Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/10/22 08:27:41 UTC
[Bug 58517] New: Apache fill up the memory with a buffer when it try
to run this php code that dose not have any kind of loops!
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
Bug ID: 58517
Summary: Apache fill up the memory with a buffer when it try to
run this php code that dose not have any kind of
loops!
Product: Apache httpd-2
Version: 2.2.0
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_session
Assignee: bugs@httpd.apache.org
Reporter: a.x.l@live.com
Apache just fills the memory with buffers and sessions when this PHP code gets
executed.
I couldn't find out what exactly the reason is, but when the code gets executed by
only one request, Apache just fills itself and the server goes down.
The PHP PoC:
""""""""""
<?php
function p404curl($url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
    return curl_exec($ch);
}
if (strtolower(substr(PHP_OS,0,3))=="win")
    $sys='win';
else
    $sys='unix';
$me = basename(__FILE__ );
$uul = $_SERVER['PHP_SELF'];
$rew = md5(time());
$uul = str_replace($_SERVER['REQUEST_URI'],$rew,$uul);
$uul= 'http://'.$_SERVER['HTTP_HOST'].$uul;
$uul1 = $_SERVER['REQUEST_URI'];
$uul = str_replace($rew,$_SERVER['REQUEST_URI'],$uul);
$d404 = 'e';
if ($sys == 'win'){
    if (!isset($_SESSION['hidden']) || !file_exists('C:\\Users\\Default\\AppData\\Local\\Temp\\'.md5($uul1))){
        $p404 = p404curl($uul) or $d404;
        file_put_contents("C:\\Users\\Default\\AppData\\Local\\Temp\\".md5($uul1),$p404);
        $_SESSION['hidden'] = md5($uul1);
    }else{
        $p404 = file_get_contents('C:\\Users\\Default\\AppData\\Local\\Temp\\'.md5($uul1));
    }
}else{
    if (!isset($_SESSION['hidden']) || !file_exists('/tmp/'.md5($uul1))){
        $p404 = p404curl($uul) or $d404;
        file_put_contents('/tmp/'.md5($uul1),$p404);
        $_SESSION['hidden'] = md5($uul1);
    }else{
        $p404 = file_get_contents('/tmp/'.md5($uul1));
    }
}
echo $p404;
die();
""""""""""
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 58517] Apache fills up the memory with a buffer when it tries
to run this PHP code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
a.x.l@live.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from a.x.l@live.com ---
All right, thanks and sorry for your time, have a good one.
[Bug 58517] Apache fills up the memory with a buffer when it tries
to run this PHP code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
Yann Ylavic <yl...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Yann Ylavic <yl...@gmail.com> ---
It's not really obvious this script does not provoke any loop since, as far as
I understand it, it cURLs on the requested Host...
If the cURL request is itself handled by this php script, that's a loop (or
more exactly an infinite recursion).
Did you verify this point?
[Bug 58517] Apache fills up the memory with a buffer when it tries
to run this PHP code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
--- Comment #2 from a.x.l@live.com ---
Well, I think you're right about the "infinite recursion", but as I tested it,
Apache does not have any limits for its memory in this kind of attack, because
it tries to respond to the first request by trying to respond to the request
after it, and keeps going like that. So it doesn't fill all memory, but it fills
the Apache process.
[Bug 58517] Apache fill up the memory with a buffer when it try to
run this php code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
Mike Rumph <mi...@oracle.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Apache fill up the memory |Apache fill up the memory
|with a buffer when it try |with a buffer when it try
|to run this php code that |to run this php code that
|dose not have any kind of |does not have any kind of
|loops! |loops!
[Bug 58517] Apache fills up the memory with a buffer when it tries
to run this PHP code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
Mike Rumph <mi...@oracle.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Apache fill up the memory |Apache fills up the memory
|with a buffer when it try |with a buffer when it tries
|to run this php code that |to run this PHP code that
|does not have any kind of |does not have any kind of
|loops! |loops!
[Bug 58517] Apache fills up the memory with a buffer when it tries
to run this PHP code that does not have any kind of loops!
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58517
Yann Ylavic <yl...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEEDINFO |RESOLVED
--- Comment #3 from Yann Ylavic <yl...@gmail.com> ---
It really depends on how you run PHP regarding the memory/processes
footprints, inner process (mod_php) or via a proxy (mod_proxy_* to php-fpm),
the latter being much less expensive...
In both cases though, the number settings (MaxRequestWorkers, ...) should be
tuned to fit the hardware/system capabilities, so that httpd won't exhaust its
resources before reaching these limits.
Anyway, this is not a bug in httpd, so I'm closing this report.
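Added example (not part of the original thread, and not httpd or PHP project code): one way to stop the self-request recursion diagnosed in Comment #1 is to tag every outbound fetch with a depth header and refuse to fetch again when an incoming request already carries it, with timeouts so a stuck fetch does not hold a worker indefinitely. The header name X-Fetch-Depth, the limit of 1, the timeout values and the function names are assumptions made for this sketch.

```php
<?php
// Added example: loop guard for a script that fetches a URL on its own host.
// DEPTH_HEADER is a hypothetical header name; MAX_FETCH_DEPTH is an assumed policy.
const DEPTH_HEADER = 'X-Fetch-Depth';
const MAX_FETCH_DEPTH = 1;

// Depth announced by the caller; 0 for a request that came from a real client.
function incoming_depth(array $server): int {
    $key = 'HTTP_' . strtoupper(str_replace('-', '_', DEPTH_HEADER));
    $raw = (string)($server[$key] ?? '0');
    // Anything that is not a plain non-negative integer is treated as "too deep".
    return ctype_digit($raw) ? (int)$raw : PHP_INT_MAX;
}

// Fetch $url only while under the depth limit; null means refused or failed.
function guarded_fetch(string $url, array $server): ?string {
    $depth = incoming_depth($server);
    if ($depth >= MAX_FETCH_DEPTH) {
        return null; // this request was itself produced by a fetch: stop here
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_MAXREDIRS      => 3,  // bound redirect chains
        CURLOPT_CONNECTTIMEOUT => 2,  // seconds to establish the connection
        CURLOPT_TIMEOUT        => 5,  // total seconds before the worker is released
        CURLOPT_HTTPHEADER     => [DEPTH_HEADER . ': ' . ($depth + 1)],
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

// Constructed sample inputs: a client request, and a request the script made to itself.
$fromClient = ['HTTP_HOST' => 'example.test'];
$fromSelf   = ['HTTP_HOST' => 'example.test', 'HTTP_X_FETCH_DEPTH' => '1'];

var_dump(incoming_depth($fromClient));
// Refused before any network I/O, so the chain ends after one hop.
var_dump(guarded_fetch('http://example.test/missing', $fromSelf));
```

In a real handler the script would pass $_SERVER and answer with an error status when guarded_fetch() returns null. The worker limits mentioned in Comment #3 still apply as the outer bound.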