Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#32135 closed defect (bug) (fixed)

wp_tempnam() recursive broken code

Reported by: cloudware's profile cloudware Owned by: dd32's profile dd32
Milestone: 4.2.2 Priority: normal
Severity: major Version: 4.2
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

ref. https://wordpress.org/support/topic/unable-to-update-plugins-after-upgrade-to-42?replies=11#post-6871167

see [31936]

"If the folder is falsey, use it's (sic) parent directory name instead"

this self-calling function is broken when wordpress requires maintenance mode to be set... calling wp_tempnam("/.maintenance",""); recurses until PHP fatally runs out of memory.

Attachments (1)

32135-1.diff (420 bytes) - added by hnle 10 years ago.
suggested by taka2 (https://ja.forums.wordpress.org/topic/150570)

Download all attachments as: .zip

Change History (11)

#1 @cloudware
10 years ago

  • Severity changed from normal to major

#2 @SergeyBiryukov
10 years ago

  • Component changed from General to Upgrade/Install
  • Description modified (diff)
  • Milestone changed from Awaiting Review to 4.2.2

#3 @SergeyBiryukov
10 years ago

#32123 was marked as a duplicate.

#4 @cloudware
10 years ago

I have a concern with this patch - if the purpose of using a temporary name of '/.maintenance' is so WordPress can prevent access to a site under maintenance, then use of a continuously variable number instead surely isn't good.

Purely as an observation and admittedly not knowing of the inner workings, I don't know why a tempname function need to be so complex?

#5 @Monika
10 years ago

if I'm using AddHandler php56-cgi .php /htaccess
this bug doesn't appear,

I know this is a work around but maybe it is helpfully

Last edited 10 years ago by Monika (previous) (diff)

#6 @pattyland
10 years ago

#32162 was marked as a duplicate.

#7 @taka2
10 years ago

This problem is very serious because it affects also Wordpress self updating, not only plugin/thema updating.

Wordpress's "wp_tempnam" function is not supposed that argument $filename is root directory and has no basename (such as "/.maintenance").
If $filename has no basename(extensions only), wp_tempname is called recursively to generate tempname based on the parent directory of $filename,
but parent of root directory("/") is also root("/"), so it causes infinite recursive calling.

Wordpress updater creates ".maintenance" file to the installed directory,
therefore this problem occurs when the following conditions.
. Updating via FTP (ftpsock or ftpext).
. Wordpress is installed at the root directory of FTP server (using chrooted account).

In this case, Wordpress updater calls function wp_tempnam('/.maintenance'), so it falls into infinite loop.
If Wordpress is installed at subdirectory of FTP home, or if updating via ssh or direct, this problem will not occur.

Last edited 10 years ago by taka2 (previous) (diff)

#8 @SergeyBiryukov
10 years ago

#32164 was marked as a duplicate.

#9 @dd32
10 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 32322:

When creating a temporary file treat the / directory properly, to prevent it ending up in an endless self-calling loop.
Props hnle, taka2. Fixes #32135. See #31811

#10 @dd32
10 years ago

In 32324:

When creating a temporary file treat the / directory properly, to prevent it ending up in an endless self-calling loop.
Props hnle, taka2. Fixes #32135. See #31811
Merges [32322] to the 4.2 branch.

Note: See TracTickets for help on using tickets.