php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #67705 extensive backtracking in rule regular expression
Submitted: 2014-07-29 06:44 UTC Modified: 2014-08-04 07:26 UTC
From: [email protected] Assigned: remi (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.4.31 OS: irrevelant
Private report: No CVE-ID: 2014-3538
View Developer Edit
 [2014-07-29 06:44 UTC] [email protected] 
Description:
------------
It was discovered the original upstream fix for the CVE-2013-7345 (bug #66946) issue did not sufficiently address the problem.  A specially-crafted input file could still cause file to use an excessive amount of CPU time when trying to detect file type using awk regular expression rule.

See https://bugzilla.redhat.com/CVE-2014-3538

Patches

magicdata-56.patch (last revision 2014-07-29 08:32 UTC by [email protected])
magicdata-54.patch (last revision 2014-07-29 08:32 UTC by [email protected])
cve-2014-3538-php54.patch (last revision 2014-07-29 07:25 UTC by [email protected])
cve-2014-3538.patch (last revision 2014-07-29 06:44 UTC by [email protected])

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-07-29 06:44 UTC] [email protected] 
The following patch has been added/updated:

Patch Name: cve-2014-3538.patch
Revision:   1406616296
URL:        https://bugs.php.net/patch-display.php?bug=67705&patch=cve-2014-3538.patch&revision=1406616296
 [2014-07-29 06:48 UTC] [email protected]
-Assigned To: +Assigned To: remi
 [2014-07-29 06:48 UTC] [email protected] 
Notice, this patch is mostly 

data_file.c:
https://github.com/file/file/commit/0b478f445b6b7540b58af5d1fe583fa9e48fd745
https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668

softmagic.c: 
https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668

The upstream commit also introduce a new "l modifier feature".
This have not be backported, as this imply to bump the version of the magic format, which is obviously not expected in PHP as this will introduce a BC, and break code of users relying on an external magic file.
 [2014-07-29 06:49 UTC] [email protected]
-CVE-ID: +CVE-ID: 2014-3538
 [2014-07-29 06:54 UTC] [email protected] 
Confirming the issue and the fix. The patch is applicable in 5.6, 5.4 and 5.5 are still vulnerable.
 [2014-07-29 07:25 UTC] [email protected] 
The following patch has been added/updated:

Patch Name: cve-2014-3538-php54.patch
Revision:   1406618727
URL:        https://bugs.php.net/patch-display.php?bug=67705&patch=cve-2014-3538-php54.patch&revision=1406618727
 [2014-07-29 07:26 UTC] [email protected] 
cve-2014-3538-php54.patch is for php 5.4/5.5
cve-2014-3538.patch is for php 5.6+
 [2014-07-29 08:32 UTC] [email protected] 
The following patch has been added/updated:

Patch Name: magicdata-54.patch
Revision:   1406622741
URL:        https://bugs.php.net/patch-display.php?bug=67705&patch=magicdata-54.patch&revision=1406622741
 [2014-07-29 08:32 UTC] [email protected] 
The following patch has been added/updated:

Patch Name: magicdata-56.patch
Revision:   1406622760
URL:        https://bugs.php.net/patch-display.php?bug=67705&patch=magicdata-56.patch&revision=1406622760
 [2014-07-29 08:33 UTC] [email protected] 
magicdata-54.patch to replace ext/fileinfo/magicdata.patch in 5.4/5.5
magicdata-56.patch to replace ext/fileinfo/magicdata.patch in 5.6
 [2014-08-04 07:26 UTC] [email protected]
-Status: Assigned +Status: Closed
 [2014-08-04 07:26 UTC] [email protected] 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Since it's public in the upstream, we can merge the fix now and make the bug public too.
 [2014-08-04 08:26 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=28786a2f82addf7035a4871157f0b63492ac608b
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-04 08:26 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-04 08:43 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=28786a2f82addf7035a4871157f0b63492ac608b
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-04 08:43 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-11 07:43 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=28786a2f82addf7035a4871157f0b63492ac608b
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-11 07:43 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-14 00:52 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=28786a2f82addf7035a4871157f0b63492ac608b
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-08-14 00:52 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-10-07 23:13 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 [2014-10-07 23:24 UTC] [email protected] 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
Log: Fix bug #67705 (extensive backtracking in rule regular expression)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Dec 31 03:00:01 2025 UTC