Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 8 years ago

#16097 closed defect (bug) (wontfix)

wordpress and float error causes server to exceed resources

Reported by: fristopher
Owned by:
Milestone:
Priority: normal
Severity: critical
Version:
Component: General
Keywords:
Focuses:
Cc:


as seen here


would work for http://domain.com/?orderby=2.2250738585072011e-308

I know this is a PHP bug, but it happens to WordPress sites, and could be used as a denial of service, if people keep making requests.

Attachments (1)

php-floating-point-dos-attack-workaround.php (655 bytes) - added by SergeyBiryukov 11 years ago.


Change History (12)

#2 @fristopher
11 years ago

here is the error it produces

Fatal error: Maximum execution time of 30 seconds exceeded in /wp-includes/query.php on line 2194

#3 @nacin
11 years ago

  • Milestone changed from Awaiting Review to 3.1

We've been looking into this since last night, thanks.

It would be nice if reports that are vulnerabilities in nature get reported to security@… in the future. Thanks.

#4 @ryan
11 years ago

If this triggers when we check a value against a white list as part of our input sanitization, this is gonna be no fun to fix.

#5 @nacin
11 years ago

  • Version 3.0.4 deleted

This has been fixed upstream. There is very little we can do here. Line 2194 is:

	if ( ! in_array($orderby, $allowed_keys) )

If we can't do that, I'm not sure there's much we can do to sanitize this in userland. The fix was one word upstream, but could be a significant amount of code downstream.

#6 @jane
11 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Per IRC chat 11/5/2011, closing wontfix. Not under our control. Plan is to contact PHP guys to see if there's anything we should do, contact major hosts to make sure they're aware of it, post on WP blogs to warn users.

#7 @SergeyBiryukov
11 years ago

Turned the code by AirCraft24.com into a plugin which also handles:

  • Different decimal point placement: 222.50738585072011e-310
  • Trailing zeroes: 2.22507385850720110e-308
  • Capital exponent sign

#8 @kcristiano
11 years ago

I just placed this in the wp-content/mu-plugins folder on 6 test sites and this fixes the problem perfectly.

I tested on CentOS 5.5 with PHP 5.3.3 and IIS 7 with PHP 5.3.3. Both were affected prior to using the plugin, both are fine now. I used WordPress 3.0.4 and 3.1-RC2 for testing.

Thanks for turning the code into a plugin.

#9 @SergeyBiryukov
11 years ago

Made a request on the Plugin Directory.

#10 @SergeyBiryukov
11 years ago

The plugin is now available in the Plugin Directory.

I've added array handling in the development version. Would appreciate feedback.

Last edited 11 years ago by SergeyBiryukov
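
The normalisation that comments 7 and 10 describe (decimal point placement, trailing zeroes, exponent case, array parameters), as an added example that is not the attached plugin or any code from this ticket. The function and constant names are hypothetical, and it assumes that only literals equal to the value quoted in the ticket need rejecting.

```php
<?php
// Added example, not the plugin attached to this ticket.
// The literal quoted in the ticket, 2.2250738585072011e-308, written as
// 0.DIGITS x 10^EXPONENT so that equivalent spellings compare equal.
const TRIGGER_DIGITS   = '22250738585072011';
const TRIGGER_EXPONENT = -307;

// True when the leading number in $s is that value in any of the forms the
// ticket lists. Only string functions and === are used: a loose comparison
// (in_array() without its strict flag, ==) converts numeric strings to
// floats, and that conversion is what hangs on unpatched PHP.
function is_trigger_literal( $s ) {
	// Not anchored at the end: PHP numeric casts read a leading number and
	// ignore the rest. Possessive \d*+ keeps matching linear on long input.
	if ( ! is_string( $s ) || ! preg_match( '/^\s*[+-]?(\d*+)\.?(\d*+)(?:[eE]([+-]?\d+))?/', $s, $m ) ) {
		return false;
	}
	$all      = $m[1] . $m[2];       // mantissa digits, decimal point removed
	$stripped = ltrim( $all, '0' );  // leading zeroes carry no value
	$exp      = isset( $m[3] ) ? (int) $m[3] : 0;
	// Exponent after moving the point in front of the first non-zero digit.
	$normalised = $exp + strlen( $m[1] ) - ( strlen( $all ) - strlen( $stripped ) );
	return rtrim( $stripped, '0' ) === TRIGGER_DIGITS && $normalised === TRIGGER_EXPONENT;
}

// Walks a request array, including nested ones such as ?orderby[]=...
function request_has_trigger( $input ) {
	if ( is_array( $input ) ) {
		foreach ( $input as $value ) {
			if ( request_has_trigger( $value ) ) {
				return true;
			}
		}
		return false;
	}
	return is_trigger_literal( $input );
}

// Constructed samples: the spellings named in the ticket, an array
// parameter, and two benign values.
$samples = array(
	'2.2250738585072011e-308', '222.50738585072011e-310',
	'2.22507385850720110e-308', '2.2250738585072011E-308',
	array( 'orderby' => array( '2.2250738585072011e-308' ) ),
	'date', '22250738585072011',
);
foreach ( $samples as $s ) {
	echo json_encode( $s ), ' => ', request_has_trigger( $s ) ? 'reject' : 'allow', "\n";
}
```

In an mu-plugin the same check would be applied to array( $_GET, $_POST, $_COOKIE ) before WordPress parses the query, answering with an error status when it returns true.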

#11 @SergeyBiryukov
8 years ago

  • Milestone 3.1 deleted