• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

PHP floating point bug - potential DoS threat

Luke F

Well-known member
#1
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

Looks like this site runs on a 64-bit server - don't go posting the code below inside [php] tags on any XenForo forums running on 32-bit servers - even just the highlighting code is enough to trigger it :p

PHP:
<?php $d = 2.2250738585072011e-308; ?>
If you're running an x86 server (like me :(), watch out for the next release of PHP update ASAP! One of my members has already managed to (semi-accidentally) DoS my server using this. >.>


Edit: Also just to clarify, you can still be vulnerable if you are running x64 but have an x86 version of PHP. You should double check by running the test script via CLI mode.
 

Brogan

XenForo moderator
Staff member
#2
Strangely enough we (Kier, Lawrence, Dean) were discussing this last night.
My shared server is also running 32 bit so I've contacted my host again to ensure steps are taken - they weren't that interested when I mentioned it to them last night.
 

M@rc

Well-known member
#6
I've contacted my host and it seems that they are protected against these types of attacks.

The person that tried to execute the script will be blocked.
 

MGSteve

Well-known member
#8
Hmm, it hangs my Win32 dev box, but works fine on the self-compiled version on the Live Linux box.

32bit on both, 5.25 on the Dev box, 5.29 on the live box, FWIW.
 

Andy.N

Well-known member
#15
I put the content into a file called text.php and run it from the command line

#php text.php
Testing float behaviour. If this script hangs or terminates with an error message due to maximum execution time limit being reached, you should update your PHP installation asap!
For more information refer to <http://bugs.php.net/53632>.
Your system seems to be safe.

EDIT: I run PHP 5.3.3 by the way
# php -v
PHP 5.3.3 (cli) (built: Nov 11 2010 18:42:09)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

# uname -a
Linux host.quantnet.com 2.6.9-023stab048.6-enterprise #1 SMP Mon Nov 17 19:09:18 MSK 2008 i686 i686 i386 GNU/Linux
 

Miko

Well-known member
#17
If you are not server admin and your host support is slow you could prevent the malicious code by adding something like this to your php script

Untested but should work.

PHP:
<?php

// *************************************************************
// QUICK FIX / WORKAROUND FOR PHP FLOATING POINT DOS ATTACK
// provided by AirCraft24.com / www.aircraft24.com
// version 1.5, released 2011-01-06 14:00 GMT+1
// *************************************************************

if (strstr(str_replace('.','',serialize($_REQUEST)), '22250738585072011'))
{
  header('Status: 422 Unprocessable Entity');
  die ('Script interrupted due to floating point DoS attack.');
}

// *************************************************************
// END QUICK FIX / WORKAROUND FOR PHP FLOATING POINT DOS ATTACK
// *************************************************************

?>