Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#32135 closed defect (bug) (fixed)

wp_tempnam() recursive broken code

Reported by: cloudware's profile cloudware Owned by: dd32's profile dd32
Milestone: 4.2.2 Priority: normal
Severity: major Version: 4.2
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

ref. https://wordpress.org/support/topic/unable-to-update-plugins-after-upgrade-to-42?replies=11#post-6871167

see [31936]

"If the folder is falsey, use it's (sic) parent directory name instead"

this self-calling function is broken when wordpress requires maintenance mode to be set... calling wp_tempnam("/.maintenance",""); recurses until PHP fatally runs out of memory.

Attachments (1)

32135-1.diff (420 bytes) - added by hnle 9 years ago.
suggested by taka2 (https://ja.forums.wordpress.org/topic/150570)

Download all attachments as: .zip

Change History (11)

#1 @cloudware
9 years ago

  • Severity changed from normal to major

#2 @SergeyBiryukov
9 years ago

  • Component changed from General to Upgrade/Install
  • Description modified (diff)
  • Milestone changed from Awaiting Review to 4.2.2

#3 @SergeyBiryukov
9 years ago

#32123 was marked as a duplicate.

#4 @cloudware
9 years ago

I have a concern with this patch - if the purpose of using a temporary name of '/.maintenance' is so WordPress can prevent access to a site under maintenance, then use of a continuously variable number instead surely isn't good.

Purely as an observation and admittedly not knowing of the inner workings, I don't know why a tempname function need to be so complex?

#5 @Monika
9 years ago

if I'm using AddHandler php56-cgi .php /htaccess
this bug doesn't appear,

I know this is a work around but maybe it is helpfully

Last edited 9 years ago by Monika (previous) (diff)

#6 @pattyland
9 years ago

#32162 was marked as a duplicate.

#7 @taka2
9 years ago

This problem is very serious because it affects also Wordpress self updating, not only plugin/thema updating.

Wordpress's "wp_tempnam" function is not supposed that argument $filename is root directory and has no basename (such as "/.maintenance").
If $filename has no basename(extensions only), wp_tempname is called recursively to generate tempname based on the parent directory of $filename,
but parent of root directory("/") is also root("/"), so it causes infinite recursive calling.

Wordpress updater creates ".maintenance" file to the installed directory,
therefore this problem occurs when the following conditions.
. Updating via FTP (ftpsock or ftpext).
. Wordpress is installed at the root directory of FTP server (using chrooted account).

In this case, Wordpress updater calls function wp_tempnam('/.maintenance'), so it falls into infinite loop.
If Wordpress is installed at subdirectory of FTP home, or if updating via ssh or direct, this problem will not occur.

Last edited 9 years ago by taka2 (previous) (diff)

#8 @SergeyBiryukov
9 years ago

#32164 was marked as a duplicate.

#9 @dd32
9 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 32322:

When creating a temporary file treat the / directory properly, to prevent it ending up in an endless self-calling loop.
Props hnle, taka2. Fixes #32135. See #31811

#10 @dd32
9 years ago

In 32324:

When creating a temporary file treat the / directory properly, to prevent it ending up in an endless self-calling loop.
Props hnle, taka2. Fixes #32135. See #31811
Merges [32322] to the 4.2 branch.

Note: See TracTickets for help on using tickets.