Page MenuHomePhabricator

DoS attack vector in the WikibaseQualityConstraints extension
Closed, ResolvedPublic

Description

We found a DoS vector in the Wikibase-Quality-Constraints extension thats extremely easy to exploit. All you need to do is to create more than one "subclass of" statement that are self-references to the item. Any “type” constraint on this item will then invoke isSubtypeOf 2^20 times for two self-references, 3^20 times for three, and so on. (If the constraint has the relation “instance” instead of “subclass”, you also need a single “instance of” statement from the item to itself.)

This is the fix that should be backported: https://gerrit.wikimedia.org/r/353082

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 10 2017, 3:40 PM

Backporting the fix will unfortunately conflict due to the tree-wide array ()[] migration. But that conflict is only in the tests – you could just not apply that part of the change. (Alternatively, you can resolve the conflict – it’s not huge, just three lines. Or if you tell me what the base commit should be, I can do it…)

thiemowmde moved this task from incoming to in progress on the Wikidata board.
thiemowmde moved this task from Proposed to Doing on the Wikidata-Former-Sprint-Board board.
aude added a comment.May 11 2017, 2:10 PM

deployed the fix for this

So can we close and publish this task now? I’m not sure how this works…

Lucas_Werkmeister_WMDE closed this task as Resolved.May 30 2017, 10:22 AM
Lucas_Werkmeister_WMDE claimed this task.

I guess we can mark this as resolved now, since the fix has been merged, backported, and deployed for a while.

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 13 2017, 6:27 PM