Last modified: 2011-11-30 16:10:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T2875, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 875 - Recursive categories lead to server timeouts and can be exploited for DoS
Recursive categories lead to server timeouts and can be exploited for DoS
Product: MediaWiki
Classification: Unclassified
Categories (Other open bugs)
All All
: Highest blocker with 3 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
: testme
: 817 (view as bug list)
Depends on:
Blocks: 202
  Show dependency treegraph
Reported: 2004-11-13 22:45 UTC by Wikipedia:en:User:Paddu
Modified: 2011-11-30 16:10 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Wikipedia:en:User:Paddu 2004-11-13 22:45:12 UTC
As pointed out by [[test:User:Chris 73]] in [[test:]] and [[test:Bug reports]],
if a category page contains another category which is an ancestor of the former
category, there is an infinite loop when loading any of the categories in the
cycle formed by the categories as well as any page belonging to any of these

This is presumed to be due to the display of the "infinite" category hierarchy
in the page being loaded. The edit links of the categories and pages in those
categories work, though. Or else, this would've caused a denial of service as
everyone (except developers. of course) would be prevented from viewing or
editing the pages concerned.
Comment 1 en:User:Paddu 2004-11-13 23:07:21 UTC
Armed with enough bots (i.e. different logins/IPs), it could be possible to
really do a DoS since server time is wasted in the infinite loop and reverting
may not be able to cope with the bots. The DB could be made readonly and all
that, but still that's DoS as I understand. Hence making severity blocker and
marking as blocking bug 202 (in accordance with [[en:Wikipedia:Be bold]] :).

BTW shouldn't there be some way to report security-related bugs "private"ly or
some such thing?
Comment 3 Wikipedia:en:User:Paddu 2004-11-14 13:11:52 UTC
*** Bug 817 has been marked as a duplicate of this bug. ***
Comment 4 Wikipedia:en:User:Paddu 2004-11-14 13:20:23 UTC
Copied from bug 817 comment 1:

[[test:WikiHiero]] refers to [[test:Category:Ancient Egypt]] which refers to
[[test:Category:Abcd%C8]] which refers to [[test:Category:Ancient Egypt]] which
triggers bug 875 which is why [[test:WikiHiero]] is inaccessible.

[[test:Template testing]] transcludes [[test:WikiHiero]] using {{:WikiHiero}}
which is why that page is also inaccessible.
Comment 5 Wikipedia:en:User:Paddu 2004-12-19 13:19:00 UTC
Hey this seems to have been resolved (try the URL for this bug)! Why's no one
making any noise about this?
Comment 6 Antoine "hashar" Musso (WMF) 2005-01-10 04:37:13 UTC
I believe Tim Starling fixed it. Need to be checked.
Comment 7 Zigger 2005-02-17 16:19:02 UTC
I can't reproduce this either, having tried 1.3.10, 1.4beta6+ and HEAD on a
local wiki, as isn't available.  Marking as fixed based also
on comments 5 & 6 above.

Note You need to log in before you can comment on or make changes to this bug.