An infinite loop in views/include/handlers.inc (824-826) can cause denial of service under some conditions involving broken/bad views from third party modules.

The infinite loop occurs when views_get_table_join returns null, which may be caught during development, with the developer module enabled. This is caused by bad, broken or misconfigured third party modules.

When whatchdog dblog and or syslog modules are enabled this causes a flood of watchdog notices, which can quickly eat all of the disk space available, leading to denial of service.

I propose to solve the infinite loop issue, as we can't know how views_get_table_join is used in the wild.

    while (!empty($r_join) && $r_join->left_table != $base_table) {
      $r_join = views_get_table_join($r_join->left_table, $base_table);
    }
CommentFileSizeAuthor
#1 views-2492687-1.patch622 bytesdikini
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dikini’s picture

dikini CreditAttribution: dikini at iO1 Limited commented
FileSize
views-2492687-1.patch622 bytes

Patch removing the possibility of an infinite loop

dikini’s picture

dikini CreditAttribution: dikini at iO1 Limited commented
John Morahan’s picture

John Morahan CreditAttribution: John Morahan commented
Status: Active » Needs review
pal4life’s picture

pal4life CreditAttribution: pal4life commented

+1 we just experienced this on one of our sites as well. It was also giving the ajax error on dev sites.

dikini’s picture

dikini CreditAttribution: dikini at iO1 Limited commented

anyone out there?

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented

The security team evaluated if this needed to be handled in private and fixed with an SA, but decided that it can be handled in public because it's not exploitable without adding a custom module and a View that depends on it, and if an attacker has permission to do that, you have much bigger problems. :-) Re-publishing this issue!

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
Parent issue: » #2903944: Plan for Views 7.x-3.19 release

We'll include this in the next release.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner as a volunteer and at Chapter Three commented

I'm curious, doesn't this problem exist in Drupal 8 core as well?

  • DamienMcKenna committed a5caa46 on 7.x-3.x authored by dikini 
    Issue #2492687 by dikini: An infinite loop in include/handlers.inc can...
DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
Title: An infinite loop in views/include handlers.inc can cause denial of service » An infinite loop in include/handlers.inc can cause denial of service
Status: Needs review » Fixed

Committed. Thanks.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner as a volunteer and at Chapter Three commented

This needs a port to Drupal 8. Can someone open up an issue for that, please?

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.