Last modified: 2011-11-30 16:10:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in, and apart from displaying bug reports and their history, links might be broken. See T2875, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 875 - Recursive categories lead to server timeouts and can be exploited for DoS
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: Categories (Other open bugs)
Version: unspecified
Hardware: All
OS: All
Priority: Highest
Severity: blocker (3 votes)
Target Milestone: ---
Assigned To: Nobody - You can work on this!
URL: http://test.wikipedia.org/wiki/Templa...
Keywords: testme
Duplicates: 817 (view as bug list)
Depends on:
Blocks: 202
Reported: 2004-11-13 22:45 UTC by Wikipedia:en:User:Paddu
Modified: 2011-11-30 16:10 UTC (History)

Description Wikipedia:en:User:Paddu 2004-11-13 22:45:12 UTC
As pointed out by [[test:User:Chris 73]] in [[test:]] and [[test:Bug reports]],
if a category page contains another category which is an ancestor of the former
category, there is an infinite loop when loading any of the categories in the
cycle formed by the categories as well as any page belonging to any of these
categories.

This is presumed to be due to the display of the "infinite" category hierarchy
in the page being loaded. The edit links of the categories and pages in those
categories work, though. Or else, this would've caused a denial of service as
everyone (except developers, of course) would be prevented from viewing or
editing the pages concerned.
Comment 1 en:User:Paddu 2004-11-13 23:07:21 UTC
Armed with enough bots (i.e. different logins/IPs), it could be possible to
really do a DoS since server time is wasted in the infinite loop and reverting
may not be able to cope with the bots. The DB could be made readonly and all
that, but still that's DoS as I understand. Hence making severity blocker and
marking as blocking bug 202 (in accordance with [[en:Wikipedia:Be bold]] :).

BTW shouldn't there be some way to report security-related bugs "private"ly or
some such thing?
Comment 3 Wikipedia:en:User:Paddu 2004-11-14 13:11:52 UTC
*** Bug 817 has been marked as a duplicate of this bug. ***
Comment 4 Wikipedia:en:User:Paddu 2004-11-14 13:20:23 UTC
Copied from bug 817 comment 1:

[[test:WikiHiero]] refers to [[test:Category:Ancient Egypt]] which refers to
[[test:Category:Abcd%C8]] which refers to [[test:Category:Ancient Egypt]] which
triggers bug 875 which is why [[test:WikiHiero]] is inaccessible.

[[test:Template testing]] transcludes [[test:WikiHiero]] using {{:WikiHiero}}
which is why that page is also inaccessible.
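The failure mode in the description and the concrete cycle in comment 4 (Ancient Egypt -> Abcd%C8 -> Ancient Egypt) come down to walking the category hierarchy without a cycle guard. The following is an added illustration, not MediaWiki's code: a constructed parent-category map, a bounded breadth-first ancestor walk that cannot loop, and a depth-first check that reports the offending cycle so it can be flagged rather than rendered forever.

```python
from collections import deque

# Constructed sample graph: each title maps to the categories it is placed in.
# It mirrors the cycle from comment 4 (Ancient Egypt -> Abcd%C8 -> Ancient
# Egypt); "Category:History" is an extra acyclic parent added for contrast.
PARENT_CATEGORIES = {
    "WikiHiero": ["Category:Ancient Egypt"],
    "Category:Ancient Egypt": ["Category:Abcd%C8", "Category:History"],
    "Category:Abcd%C8": ["Category:Ancient Egypt"],
    "Category:History": [],
}


def category_ancestors(parents, title, max_depth=20):
    """Breadth-first list of every category above `title`."""
    # Each category is expanded once (`seen`), so a cycle cannot make the
    # walk loop; `max_depth` also bounds the work on legitimately deep trees.
    seen, ancestors, queue = {title}, [], deque([(title, 0)])
    while queue:
        current, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for parent in parents.get(current, []):
            if parent not in seen:
                seen.add(parent)
                ancestors.append(parent)
                queue.append((parent, depth + 1))
    return ancestors


def find_category_cycle(parents, start):
    """Return the first cycle reachable from `start` as [A, B, A], else None."""
    # Titles on the current DFS path are kept apart from titles already
    # finished, so a diamond (two routes to one ancestor) is not a cycle.
    path, on_path, done = [], set(), set()

    def visit(node):
        path.append(node)
        on_path.add(node)
        for parent in parents.get(node, []):
            if parent in on_path:
                return path[path.index(parent):] + [parent]
            if parent not in done and (cycle := visit(parent)):
                return cycle
        path.pop()
        on_path.discard(node)
        done.add(node)
        return None

    return visit(start)
```

With the sample map, the ancestor walk for "WikiHiero" terminates after three categories and the cycle finder names the Ancient Egypt / Abcd%C8 loop, which is the condition a category page would need to detect and report instead of rendering.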
Comment 5 Wikipedia:en:User:Paddu 2004-12-19 13:19:00 UTC
Hey this seems to have been resolved (try the URL for this bug)! Why's no one
making any noise about this?
Comment 6 Antoine "hashar" Musso (WMF) 2005-01-10 04:37:13 UTC
I believe Tim Starling fixed it. Need to be checked.
Comment 7 Zigger 2005-02-17 16:19:02 UTC
I can't reproduce this either, having tried 1.3.10, 1.4beta6+ and HEAD on a
local wiki, as test.wikipedia.org isn't available.  Marking as fixed based also
on comments 5 & 6 above.
