Scenario
Call a URL like /<module>/' <- with this quote. (r19592)
Defect
The execute() method of sfActions calls itself until the nested function limit is reached or the webserver crashes.
This has to end in a 500, but it should not crash the webserver.
debug enabled
Fatal error: Maximum function nesting level of '500' reached, aborting!
debug disabled
500 Internal Server Error
Possible Fixes
I worked around this with a simple check. Maybe this is not the best solution, but it works so far.
Index: lib/action/sfActions.class.php
===================================================================
--- lib/action/sfActions.class.php (revision 19592)
+++ lib/action/sfActions.class.php (working copy)
@@ -38,6 +38,14 @@
{
// dispatch action
$actionToRun = 'execute'.ucfirst($this->getActionName());
+
+ // no action name given
+ if ($actionToRun === 'execute')
+ {
+ // no action given
+ throw new sfInitializationException(sprintf('sfAction initialization failed for module "%s". There was no action given.', $this->getModuleName()));
+ }
+
if (!is_callable(array($this, $actionToRun)))
{
// action not found
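Review bot: the new guard at "if ($actionToRun === 'execute')" throws sfInitializationException, but the condition depends on the requested action name rather than on a setup failure. Consider routing it through the same handling as the "action not found" branch directly below, so that an empty action name and an unknown one produce the same response. The two comments ("no action name given" and "no action given") say the same thing and one can go. The one that stays could explain why the check is needed: 'execute'.ucfirst('') is 'execute', which is_callable() accepts because it is this method itself. A regression test for the empty action name would keep the recursion from coming back.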
via
#symfony freenode IRC
<maximumbob> I just managed to crash Apache via PHP via Symfony, and it's reproducible
<maximumbob> I went to url/[module]/' <- put a quote by accident
<maximumbob> and crashed apache
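
The self-dispatch described under Defect, shown in a stand-alone class with a guard that generalizes the patch's empty-name check to any name that is not a plain identifier. This is an added example, not symfony code and not the reporter's patch; the class DemoActions, the exception types and the identifier pattern are assumptions, and the input names are constructed.

```php
<?php
// Constructed stand-in for an action class; not symfony's sfActions.
class DemoActions
{
    private $actionName;

    public function __construct($actionName)
    {
        $this->actionName = $actionName;
    }

    // Dispatcher: builds "execute<Action>" from the request-derived name.
    public function execute()
    {
        $name = $this->actionName;

        // Guard (assumption: action names are plain identifiers). An empty
        // name yields "execute", which is this method, so is_callable()
        // alone would pass and the dispatcher would call itself until the
        // nesting limit or the stack is exhausted.
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException('No valid action name given.');
        }

        $actionToRun = 'execute'.ucfirst($name);

        if (!is_callable(array($this, $actionToRun))) {
            throw new BadMethodCallException(sprintf('Action "%s" not found.', $name));
        }

        return $this->$actionToRun();
    }

    public function executeIndex()
    {
        return 'index ok';
    }
}

// Constructed inputs: a valid name, the empty name, a lone quote, an unknown name.
foreach (array('index', '', "'", 'missing') as $name) {
    try {
        $action = new DemoActions($name);
        printf("%-10s => %s\n", var_export($name, true), $action->execute());
    } catch (Exception $e) {
        printf("%-10s => %s: %s\n", var_export($name, true), get_class($e), $e->getMessage());
    }
}
```

Removing the guard and passing the empty name makes execute() resolve to itself, which is the recursion the ticket reports.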