0000458: Check whether opendir() was successful - WackoWiki Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0000458	WackoWiki	security	public	2016-04-25 03:17	2017-08-31 09:36

Reporter	CodeFetch	Assigned To	administrator
Priority	high	Severity	major	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	5.4.0
Target Version	5.5.0	Fixed in Version	5.5.0

Summary	0000458: Check whether opendir() was successful
Description	Hi folks, WackoWiki is really a great tool, but it was utmost frustrating to getting it running properly. This issue concerns the stable, testing and the development branch. I really don't like Sourceforge, neither do I like that this shitty bugtracker system doesn't even have TLS... So sorry for not committing the patch. Why is it a security concern? Because this can easily cause extreme load on the server by simply doing many requests which can even render the server unusuable. You often do something like that when working with opendir: $directory = $this->config['cache_dir'].CACHE_PAGE_DIR; $handle = opendir(rtrim($directory, '/')); while (false !== ($file = readdir($handle))) { if (is_file($directory.$file) && ((time() - @filemtime($directory.$file)) > $ttl)) { @unlink($directory.$file); } } Minor beginner PHP mistake The problem with that is, that you do a readdir($handle) before ever having checked whether the opendir() was successful. What if the directory doesn't even exist or file permissions are set incorrectly??? As this part of the code is being executed at random times only, due to "$this->get_micro_time() % 3" you have a really, really annoying bug. The simple fix is to only do the while-loop and the dirclose() if opendir() was successful: // delete from fs clearstatcache(); $directory = rtrim($this->config['cache_dir'].CACHE_PAGE_DIR, '/'); if($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if (is_file($directory.$file) && ((time() - @filemtime($directory.$file)) > $ttl)) { @unlink($directory.$file); } } closedir($handle); } Look at the example on http://php.net/manual/en/function.readdir.php You did everything exactly the same way (even variable-naming), but forgot the if($handle = opendir("bla"))... Greetz, CodeFetch
Steps To Reproduce	Just delete the subdirs in _cache and reload one of the WackoWiki-pages several times. An Error 500 or maybe "Max execution time exceeded" will be thrown depending on your server config. Sometimes you need to reload the page very often to see this issue, as it is triggered randomly due to those lines: if (!($this->get_micro_time() % 3)) { $this->maintenance(); }
Additional Information	Please switch to Github. -> Mercurial: https://bitbucket.org/wackowiki/wackowiki-dev/overview
Tags	No tags attached.

Date Modified	Username	Field	Change
2016-04-25 03:17	CodeFetch	New Issue
2016-04-25 07:19	administrator	Status	new => confirmed
2016-04-25 07:19	administrator	Product Version	=> 5.4.0
2016-04-25 07:19	administrator	Target Version	=> 5.5.0
2016-04-25 07:19	administrator	Steps to Reproduce Updated
2016-04-25 07:19	administrator	Additional Information Updated
2016-04-25 08:03	administrator	Note Added: 0000962
2016-04-25 08:07	administrator	Summary	Minor beginner PHP mistake => Check whether opendir() was successful
2016-04-25 08:07	administrator	Description Updated
2016-05-03 14:45	administrator	Assigned To	=> administrator
2016-05-03 14:45	administrator	Status	confirmed => resolved
2016-05-03 14:45	administrator	Resolution	open => fixed
2016-05-03 14:45	administrator	Fixed in Version	=> 5.5.0
2016-09-21 09:18	administrator	Fixed in Version	5.5.0 => 5.5.rc2
2017-08-31 09:36	administrator	Fixed in Version	5.5.rc2 => 5.5.0