An infinite loop in views/include/handlers.inc (824-826) can cause denial of service under some conditions involving broken/bad views from third party modules.
The infinite loop occurs when views_get_table_join returns null, which may be caught during development, with the developer module enabled. This is caused by bad, broken or misconfigured third party modules.
When the watchdog dblog and/or syslog modules are enabled, this causes a flood of watchdog notices, which can quickly eat all of the disk space available, leading to denial of service.
I propose to solve the infinite loop issue, as we can't know how views_get_table_join is used in the wild.
```php
while (!empty($r_join) && $r_join->left_table != $base_table) {
  $r_join = views_get_table_join($r_join->left_table, $base_table);
}
```
Comment | File | Size | Author |
---|---|---|---|
#1 | views-2492687-1.patch | 622 bytes | dikini |
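
The failure mode described in the issue summary, reproduced in a stand-alone script (an added example, not code from Views or from the attached patch). `demo_get_table_join()`, `demo_walk()`, the `$demo_joins` map and the iteration cap are hypothetical stand-ins, and the table data is constructed.

```php
<?php
// Constructed join map standing in for hook_views_data() output: table => left_table.
// 'broken_extra' points at 'missing_table', which defines no join (the misconfiguration).
$demo_joins = array(
  'node_revision' => 'node',
  'field_data_body' => 'node_revision',
  'broken_extra' => 'missing_table',
);

// Hypothetical stand-in for views_get_table_join(): returns a join object or NULL.
function demo_get_table_join($table, $base_table) {
  global $demo_joins;
  if (empty($table) || !isset($demo_joins[$table])) {
    return NULL;
  }
  return (object) array('table' => $table, 'left_table' => $demo_joins[$table]);
}

// Walks the join chain toward $base_table. $guarded toggles the !empty() check
// from the proposed fix; $cap stops the demo where the unguarded loop would not stop.
function demo_walk($table, $base_table, $guarded, $cap = 1000) {
  $notices = 0;
  // Count the per-iteration notices/warnings that would otherwise be logged.
  set_error_handler(function () use (&$notices) { $notices++; return TRUE; });
  $r_join = demo_get_table_join($table, $base_table);
  $iterations = 0;
  while ((!$guarded || !empty($r_join)) && $r_join->left_table != $base_table) {
    if (++$iterations >= $cap) {
      break;
    }
    // Once this returns NULL, the unguarded condition reads a property of NULL,
    // which raises a notice and still compares as "not the base table".
    $r_join = demo_get_table_join($r_join->left_table, $base_table);
  }
  restore_error_handler();
  return array('iterations' => $iterations, 'notices' => $notices, 'hit_cap' => $iterations >= $cap);
}

foreach (array(FALSE, TRUE) as $guarded) {
  $r = demo_walk('broken_extra', 'node', $guarded);
  printf("%s: iterations=%d notices=%d hit_cap=%s\n", $guarded ? 'guarded' : 'unguarded',
    $r['iterations'], $r['notices'], $r['hit_cap'] ? 'yes' : 'no');
}
```

With the guard the loop exits with an empty `$r_join`, so whatever uses the join afterwards has to tolerate that.
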
Comments
Comment #1
dikini at iO1 Limited commented: Patch removing the possibility of an infinite loop
Comment #2
dikini at iO1 Limited commented
Comment #3
John Morahan commented
Comment #4
pal4life commented: +1 we just experienced this on one of our sites as well. It was also giving the ajax error on dev sites.
Comment #5
dikini at iO1 Limited commented: anyone out there?
Comment #6
DamienMcKenna
Comment #7
dsnopek: The security team evaluated if this needed to be handled in private and fixed with an SA, but decided that it can be handled in public because it's not exploitable without adding a custom module and a View that depends on it, and if an attacker has permission to do that, you have much bigger problems. :-) Re-publishing this issue!
Comment #8
DamienMcKenna: We'll include this in the next release.
Comment #9
dawehner: I'm curious, doesn't this problem exist in Drupal 8 core as well?
Comment #11
DamienMcKenna: Committed. Thanks.
Comment #12
dawehner: This needs a port to Drupal 8. Can someone open up an issue for that, please?