Bug #23648

closed

Mitigate libpcre recursion crash in email address validation

Added by Marcus Krause about 14 years ago. Updated about 14 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: -
Target version: -
Start date: 2010-09-29
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.3
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

PHP's ext/filter causes a libpcre recursion crash in email address validation. This happens when a string to validate is of an unusually long length.

The report mentions a limit of 1000 characters on a FreeBSD system (PHP 5.2.14).

X-Reference: #2010092410000017
Reported by: Bjoern Pedersen

Confirmed by PHP Security Team. Claimed to be an expected behaviour.
(issue imported from #M15860)


Files

15860_4-4.diff (656 Bytes), Administrator Admin, 2010-09-29 20:02
15860_trunk.diff (656 Bytes), Administrator Admin, 2010-09-29 20:10
15860_4-3.diff (656 Bytes), Administrator Admin, 2010-09-29 20:18
15860_trunk_v1.diff (711 Bytes), Administrator Admin, 2010-10-04 23:17
15860_4-4_v1.diff (711 Bytes), Administrator Admin, 2010-10-04 23:30
15860_4-3_v1.diff (711 Bytes), Administrator Admin, 2010-10-04 23:47

Related issues 1 (0 open, 1 closed)

Has duplicate TYPO3 Core - Bug #23769: Server crashes calling t3lib_div::validEmail() with a string which has more characters than 2264 (Closed, 2010-10-17)

#1

Updated by Helmut Hummel about 14 years ago

PoC:

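<?php
// A short input is validated without problems.
$text1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAA";
filter_var($text1, FILTER_VALIDATE_EMAIL);
echo "filter 1";

// Grow the input by one character per iteration and validate after each step.
$text2 = "";
$x = 0;
while ($x < 1000) { // if 999 or less, no core dump
    $text2 .= 'X';
    echo $x;
    filter_var($text2, FILTER_VALIDATE_EMAIL);
    echo "done";
    $x = $x + 1;
}
echo "filter 2";
?>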
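
The following is an added example, not part of the comment above and not the patch attached to this issue: one way to keep over-long input away from `filter_var()` is a byte-length check in front of it. The function name `isValidEmailGuarded` and the limit `MAX_EMAIL_LENGTH` are assumptions made for illustration; the sample lengths 1000 and 2264 are the figures quoted on this page.

```php
<?php
// Added example. MAX_EMAIL_LENGTH is an assumed bound, not a value from the
// attached diffs: 64-octet local part + "@" + 255-octet domain.
define('MAX_EMAIL_LENGTH', 320);

/**
 * Validate an email address, rejecting over-long input up front.
 * The length check runs before the regex-based filter, so strings of the
 * size that trigger the libpcre recursion crash never reach ext/filter.
 */
function isValidEmailGuarded($email)
{
    // Only strings are accepted; strlen() counts bytes, which is what matters here.
    if (!is_string($email) || strlen($email) > MAX_EMAIL_LENGTH) {
        return false;
    }
    // filter_var() returns the filtered string on success, false on failure.
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs.
$samples = array(
    'short valid'    => 'user@example.org',
    'short invalid'  => str_repeat('A', 28),
    'report length'  => str_repeat('X', 1000),
    'duplicate case' => str_repeat('a', 2264) . '@example.org',
);

foreach ($samples as $label => $input) {
    printf(
        "%-15s len=%-5d %s\n",
        $label,
        strlen($input),
        isValidEmailGuarded($input) ? 'valid' : 'rejected'
    );
}
?>
```

The two long inputs are rejected by the length check alone, so the loop finishes even on a PHP build where the unguarded call would crash.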
