Cfilehelper Bug / Security Flaw

edeis · January 28, 2014, 1:44am

CFileHelper almost took down my server today. One single HTTP request to the index page resulted in a the generation of 1.9GB worth of http_error logs generated in 30 seconds (php timeout limit).

It looks like for whatever reason, the directory CFileHelper was trying to access was temporarily not accessible and got stuck in a loop.

Access_log:

IPWITHHELD - [27/Jan/2014:16:05:05 -0800] "GET / HTTP/1.1" 500 274 - 54944004 "-" "Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0"

–Only 1 single request from this IP in the logs.

Error_log::

[Mon Jan 27 16:05:05 2014] [error] [client IPwithheld] FastCGI: server "/var/www/cgi-bin/php.fcgi" stderr: PHP Notice: Undefined index: errorCode in [dirwitheld]protected/controllers/ErrorController.php on line 24

[Mon Jan 27 16:05:05 2014] [error] [client IPwithheld] FastCGI: server "/var/www/cgi-bin/php.fcgi" stderr: PHP Warning: [dirwitheld]/assets/3915c108): failed to open dir: No such file or directory in [dirwitheld]yii-1.1.12.b600af/framework/utils/CFileHelper.php on line 160

[Mon Jan 27 16:05:05 2014] [error] [client IPwithheld] FastCGI: server "/var/www/cgi-bin/php.fcgi" stderr: PHP Warning: readdir() expects parameter 1 to be resource, boolean given in [dirwitheld]yii/yii-1.1.12.b600af/framework/utils/CFileHelper.php on line 161

[Mon Jan 27 16:05:05 2014] [error] [client IPwithheld] FastCGI: server "/var/www/cgi-bin/php.fcgi" stderr: PHP Warning: readdir() expects parameter 1 to be resource, boolean given in [dirwitheld]yii-1.1.12.b600af/framework/utils/CFileHelper.php on line 161

–the readdir() error repeats for 1.9 GigaBytes worth.

and then finally ends:

[Mon Jan 27 16:06:00 2014] [error] [client IPwithheld] FastCGI: server "/var/www/cgi-bin/php.fcgi" stderr: PHP Fatal error: Maximum execution time of 30 seconds exceeded in [dirwitheld]yii-1.1.12.b600af/framework/utils/CFileHelper.php on line 161

Line 161 is referring to:


while(($file=readdir($handle))!==false)

Wouldn’t this fix it:


while(is_resource($handle) && ($file=readdir($handle))!==false)

Any better ways?

I’m not sure if I goofed anything in my error controller, as that was the first error logged. But it shouldn’t matter. CFileHandler shouldn’t go nuts to make 1.9GB of log files. If anything should probably add: isset($error[‘errorCode’]) to line24.


	public function actionError()

	{

            $error = Yii::app()->errorHandler->error;

	    if($error)

	    {


LINE24:		    if ($error['errorCode']==404) //special handling for 404 errors

		    {

nineinchnick · January 28, 2014, 6:05am

You should post is as an issue on Github in both Yii 1 and Yii 2.

CeBe · January 28, 2014, 10:13am

Fixed. Thanks for reporting!

edeis · February 2, 2014, 9:55pm

Thanks. That fixed it for me.