Tags:
create new tag
, view all tags

Bug: Endless loop trying to include whole page in WEBTOPICLIST

It will not happen often: If someone tries to include a whole page in the WEBTOPICLIST, an endless loop occurs and twiki consumes all cpu-time and RAM, because the included page has a WEBTOPICLIST ...

As I noticed, includes in normal text stops after 4 levels of inclusion, but there seems to be no endlessloop check in this case.

Test case

In WebPreferences: 

      * Set WEBTOPICLIST = %INCLUDE{"WebIndex"}%

Environment

TWiki version: TWikiRelease01Dec2001
TWiki plugins: -
Server OS: -
Web server: -
Perl version: -
Client OS: -
Web Browser: -

-- BeatDoebeli - 28 Jan 2003

Follow up

Bounced because this still exists, and it constitutes an obvious vulnerability for a DOS attack on a public twiki.

-- CrawfordCurrie - 21 Jul 2004

Fix record

Fixed (in DEVELOP) which handles recursive includes correcty..

-- CrawfordCurrie - 13 Feb 2005

ChangeProposalForm
TopicClassification BugReport
TopicSummary DOS vulnerability in WEBTOPICLIST
CurrentState ReadyForMerge
OutstandingIssues Really need a testcase, in case this vulnerability is really something different to recursive includes (which are tested)
RelatedTopics

InterestedParties

ProposedFor DakarRelease
TWikiContributors CrawfordCurrie
Edit | Attach | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2005-02-13 - SamHasler
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Download TWiki
TWiki logo Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.