- I'm borrowing your CPU with jsMiner, an embeddable JavaScript Bitcoin miner
- Things I wish I knew before I registered my first domain name - A domain name registration guide for webmasters
- x87 FPU PHP bug causes infinite loop - affected websites vulnerable to DoS via PHP $_GET function (2.2250738585072011e-308)
- IRCCloud.com review with screenshots - AJAX IRC client / bouncer (BNC)
- A few notes on Diaspora
- Tim-Berners Lee allows HTML Canvas 2D API, HTML Microdata and HTML+RDFa Working Drafts to be published
- WHATWG drops <video> and <audio> codec requirements from HTML5 specification
- Deep linking in jQuery with jQuery Address
- jCart - Free and Open Source AJAX Shopping Cart based on jQuery and PHP
- Self-signed SSL certificates vs commercial SSL certificates: How Mozilla is killing self-signed certificates
x87 FPU PHP bug causes infinite loop - affected websites vulnerable to DoS via PHP $_GET function (2.2250738585072011e-308)
Posted January 4th, 2011 by unitone
tl;dr PHP Bug #53632 may be used for DoS attack
PHP compiles by default with x87 math. The x87 FPU is deprecated, and replaced by SSE.
The old GCC bug 323 (a feature request) causes PHP to hang on the numeric value 2.2250738585072011e-308
The x87 FPU PHP Bug #53632 poses serious DoS security risks, as many websites run on servers with PHP compiled with default CFLAGS.
To DoS an affected website, all an attacker has to do is send the numeric value 2.2250738585072011e-308 to the PHP $_GET function which is used to collect values from a form sent with method="get". The server will try to interpret 2.2250738585072011e-308 as a number, and produce an infinite loop which will eat all available system resources and lock the PHP process.
For example, DoS on affected Drupal powered website: http://www.vedetta.com/node/2.2250738585072011e-308
To fix this, PHP must be compiled with the following CFLAGS: -mfpmath=sse
(use SSE, disable x87 FPU)
[edit] Patch: Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus)
x87 vs. SSE
Interview with William Kahan, mathematician and computer scientist involved in designing the 8087 math coprocessor
Java Runtime and Compiler can be sent into an infinite loop in a similar fashion http://www.exploringbinary.com/java-hangs-when-converting-2-225073858507...
Oracle Security Alert with a fix (Java SE Floating Point Updater Tool) for the vulnerability CVE-2010-4476 http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-30...