
DoS attack vector in the WikibaseQualityConstraints extension
Closed, Resolved, Public


We found a DoS vector in the Wikibase-Quality-Constraints extension that's extremely easy to exploit. All you need to do is to create more than one "subclass of" statement that is a self-reference to the item. Any “type” constraint on this item will then invoke isSubtypeOf 2^20 times for two self-references, 3^20 times for three, and so on. (If the constraint has the relation “instance” instead of “subclass”, you also need a single “instance of” statement from the item to itself.)

This is the fix that should be backported:

Event Timeline

Backporting the fix will unfortunately conflict due to the tree-wide array() → [] migration. But that conflict is only in the tests – you could just not apply that part of the change. (Alternatively, you can resolve the conflict – it’s not huge, just three lines. Or if you tell me what the base commit should be, I can do it…)

So can we close and publish this task now? I’m not sure how this works…

Lucas_Werkmeister_WMDE claimed this task.

I guess we can mark this as resolved now, since the fix has been merged, backported, and deployed for a while.

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)". Dec 13 2017, 6:27 PM
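
An added illustration of the call-count blow-up described in the task, not the extension's code and not the merged fix: a depth-limited subclass walk over a constructed item with self-referencing "subclass of" statements, next to the same walk with a visited set. The function names, item ids (Q1, Q999), the depth parameter and the visited-set guard are assumptions made for this example.

```python
# Constructed model of a "subclass of" graph: item id -> list of parent ids.
# All names and ids here are hypothetical; this is not the extension's code.

MAX_DEPTH = 20  # assumed depth limit, matching the exponent quoted in the task


def naive_is_subtype_of(graph, item, target, depth, counter):
    """Depth-limited walk that keeps no record of items already expanded."""
    counter[0] += 1
    if depth == 0:
        return False
    for parent in graph.get(item, []):
        if parent == target:
            return True
        if naive_is_subtype_of(graph, parent, target, depth - 1, counter):
            return True
    return False


def guarded_is_subtype_of(graph, item, target, depth, counter, seen=None):
    """Same walk, but each item is expanded at most once per check."""
    seen = set() if seen is None else seen
    counter[0] += 1
    if depth == 0 or item in seen:
        return False
    seen.add(item)
    for parent in graph.get(item, []):
        if parent == target:
            return True
        if guarded_is_subtype_of(graph, parent, target, depth - 1, counter, seen):
            return True
    return False


def count_calls(check, self_refs, depth):
    """Run one check on a constructed item and return (result, call count)."""
    graph = {"Q1": ["Q1"] * self_refs}  # Q1 is a "subclass of" itself N times
    counter = [0]
    result = check(graph, "Q1", "Q999", depth, counter)  # Q999: unrelated class
    return result, counter[0]


if __name__ == "__main__":
    # Depth 10 keeps the naive run short; the count grows as self_refs ** depth.
    for refs in (1, 2, 3):
        print(refs, count_calls(naive_is_subtype_of, refs, 10)[1],
              count_calls(guarded_is_subtype_of, refs, MAX_DEPTH)[1])
```

With k self-references and depth limit d, the unguarded walk makes 1 + k + … + k^d calls, so the deepest level alone accounts for k^d of them; the guarded walk makes 1 + k calls regardless of depth.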