
0001-SECURITY-GlobalRename-Avoid-DoS-infinite-loop-in-sug.patch

Authored By
Legoktm
Aug 20 2020, 8:16 AM

0001-SECURITY-GlobalRename-Avoid-DoS-infinite-loop-in-sug.patch

From 3f35aa1bd878a846e830f646ce00dbdf50789471 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Thu, 20 Aug 2020 01:12:30 -0700
Subject: [PATCH] SECURITY: GlobalRename: Avoid DoS/infinite loop in suggested
username feature
If a username is already at/near the max length, trying to generate a
suggested username on Special:GlobalRenameRequest will trigger an infinite
loop because no username can satisfy the requirements.
We can avoid the infinite loop by setting a counter and giving up after 5
tries. Also add a new help message variant for when we couldn't generate a
suggested username.
Bug: T260865
Change-Id: Idb0a7fcd3441652d3d9d556d0c66fa2254541cdb
---
i18n/en.json | 1 +
i18n/qqq.json | 1 +
.../specials/SpecialGlobalRenameRequest.php | 33 ++++++++++++++-----
3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/i18n/en.json b/i18n/en.json
index ae776755..059d0dd7 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -485,6 +485,7 @@
"globalrenamerequest-newname-err-invalid": "You have not specified a valid user name.",
"globalrenamerequest-newname-err-taken": "Username entered already in use. Please choose a different name.",
"globalrenamerequest-newname-help": "Enter the new username you wish to use, e.g., \"$1\".",
+ "globalrenamerequest-newname-help-basic": "Enter the new username you wish to use.",
"globalrenamerequest-newname-label": "Requested username:",
"globalrenamerequest-pretext" : "Request a new username to be known by across all projects.\n\nAll of your previous contributions will be connected with this new username.\n\nA list of requests made via this form will be made available to the users able to perform this operation. You will be notified by email when this process is completed.\n\nIf your request is related to a desire for anonymity/privacy, please note that a permanent log record will be created noting your previous name. As such, you might consider simply [[Special:CreateAccount|creating a separate and independent new account]], and having your current account renamed to something random and abandoning it.",
"globalrenamerequest-reason-label": "Reason for request",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 10cf1700..b5578ee5 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -504,6 +504,7 @@
"globalrenamerequest-newname-err-invalid": "Used as error message.",
"globalrenamerequest-newname-err-taken": "Used as error message.",
"globalrenamerequest-newname-help": "Form field inline help.\n\n* $1 is a randomly generated username suggestion.",
+ "globalrenamerequest-newname-help-basic": "Form field inline help.",
"globalrenamerequest-newname-label": "Form field label.",
"globalrenamerequest-pretext": "Instructions for rename process.",
"globalrenamerequest-reason-label": "Form field label.",
diff --git a/includes/specials/SpecialGlobalRenameRequest.php b/includes/specials/SpecialGlobalRenameRequest.php
index 822bfdb3..d10e04b9 100644
--- a/includes/specials/SpecialGlobalRenameRequest.php
+++ b/includes/specials/SpecialGlobalRenameRequest.php
@@ -139,6 +139,16 @@ class SpecialGlobalRenameRequest extends FormSpecialPage {
* @return array
*/
public function getFormFields() {
+ $suggestedUsername = $this->suggestedUsername();
+ if ( $suggestedUsername !== false ) {
+ $suggestedHelp = [
+ 'globalrenamerequest-newname-help',
+ $suggestedUsername,
+ ];
+ } else {
+ // Help message if we couldn't generate a suggested username
+ $suggestedHelp = 'globalrenamerequest-newname-help-basic';
+ }
$fields = [
'username' => [
'cssclass' => 'mw-globalrenamerequest-field',
@@ -156,10 +166,7 @@ class SpecialGlobalRenameRequest extends FormSpecialPage {
'name' => 'newname',
'required' => true,
'type' => 'text',
- 'help-message' => [
- 'globalrenamerequest-newname-help',
- $this->suggestedUsername(),
- ],
+ 'help-message' => $suggestedHelp,
'validation-callback' => [ $this, 'validateNewname' ],
],
];
@@ -212,13 +219,23 @@ class SpecialGlobalRenameRequest extends FormSpecialPage {
* Generate a username that appears to be globally available that an
* unimaginative user could use if they like.
*
- * @return string
+ * @return string|bool false if can't generate a username
*/
protected function suggestedUsername() {
- do {
+ // Only allow 5 tries (T260865)
+ $counter = 0;
+ // Whether we found a username that is available to use
+ $found = false;
+ while ( !$found && $counter < 5 ) {
$rand = $this->getUser()->getName() . rand( 123, 999 );
- } while ( !GlobalRenameRequest::isNameAvailable( $rand )->isOK() );
- return $rand;
+ $found = GlobalRenameRequest::isNameAvailable( $rand )->isOK();
+ $counter++;
+ }
+ if ( $found ) {
+ return $rand;
+ } else {
+ return false;
+ }
}
/**
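Review bot: The retry loop added in `suggestedUsername()` treats every failed `isNameAvailable()` result the same, so for the case this patch targets (the caller's name is already at the length limit, so every candidate is invalid rather than merely taken) all five iterations run and fail identically before `false` is returned. If the returned Status distinguishes an invalid name from a taken one — I cannot confirm that from the hunk — breaking out of the loop on the non-taken case, or comparing the candidate length against the name-length limit before looping, would make the bound tighter and avoid the repeated lookups; otherwise the counter is a reasonable fallback. The limit would read better as a named constant, `private const MAX_SUGGESTION_ATTEMPTS = 5;` with `while ( !$found && $counter < self::MAX_SUGGESTION_ATTEMPTS )`, so the "5" in the comment and the condition cannot drift apart. `rand()` is acceptable for a non-secret suggestion, but `random_int( 123, 999 )` is the current idiom and costs nothing here. The docblock could use the precise union `@return string|false false if a username could not be generated`.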
--
2.26.2
