Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:19406
Return-Path: <php.net@ibink.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77415 invoked by uid 1010); 4 Oct 2005 16:25:02 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 77399 invoked from network); 4 Oct 2005 16:25:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Oct 2005 16:25:02 -0000
X-Host-Fingerprint: 216.27.179.240 dsl027-179-240.sfo1.dsl.speakeasy.net Linux 2.4/2.6
Received: from ([216.27.179.240:35614] helo=panda.ibink.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 03/85-54476-DDCA2434 for <internals@lists.php.net>; Tue, 04 Oct 2005 12:25:02 -0400
Received: from pomegranate.ibink.com ([10.100.1.21])
	by panda.ibink.com with asmtp 
	(Cipher TLSv1:RC4-MD5:128) (Exim 3.35 #1 (Debian))
	id 1EMpb0-0004Nv-00; Tue, 04 Oct 2005 09:24:50 -0700
Message-ID: <4342ACC1.2030106@ibink.com>
Date: Tue, 04 Oct 2005 09:24:33 -0700
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: George Schlossnagle <george@omniti.com>
CC: Rasmus Lerdorf <rasmus@lerdorf.com>,  internals@lists.php.net, 
	Magpierss-general@lists.sourceforge.net
References: <433973F4.2020103@ibink.com> <43397815.2030000@lerdorf.com> <4342A4A8.9090103@ibink.com> <362F3EA1-D850-429E-8889-54675FCEB920@omniti.com>
In-Reply-To: <362F3EA1-D850-429E-8889-54675FCEB920@omniti.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Comment on Bug #30153: FATAL erealloc() error when
	using gzinflate()
From: php.net@ibink.com (Tim Nufire)

This is starting to sound like the dispute in the initial bug 
report..... Regardless of the root cause, this is a serious bug in PHP 
which exposes any script using gzinflate to denial of service attacks. 
While I'm sure extending zlib provides the most elegant fix to this 
problem, it should be possible to protect PHP scripts from crashes 
without such extensions. At the very least, the documentation should 
include a warning about this vulnerability..... I agree that a bug 
should be filed against zlib as well but don't understand why there is 
so much resistance to tracking this in the PHP bug database. I am not 
the right person to file the zlib bug since I don't know enough about 
what is needed there but I can open a new bug in the PHP db if reopening 
30153 is not the right answer.

Tim

George Schlossnagle wrote:

>
> On Oct 4, 2005, at 11:50 AM, Tim Nufire wrote:
>
>> Ramus,
>>
>> Thanks for the response. Unfortunately, I don't have any great  ideas 
>> on how to patch this and for now have just stopped using  gzinflate 
>> :-/ Is there a way to reopen bug 30153? That description  of this 
>> issue is pretty good and, even if the bug is hard to fix,  it should 
>> still be tracked somewhere....
>
>
> You should file a bug against zlib, as it is the library that needs  
> to export these sorts of validation methods.  If/when zlib supports  
> this sort of feature, PHP will support it.
>
> George
>
>