Page MenuHomePhabricator

Recursive categories lead to server timeouts and can be exploited for DoS
Closed, ResolvedPublic


Author: bugzillas+padREMOVETHISdu

As pointed out by [[test:User:Chris 73]] in [[test:]] and [[test:Bug reports]],
if a category page contains another category which is an ancestor of the former
category, there is an infinite loop when loading any of the categories in the
cycle formed by the categories as well as any page belonging to any of these

This is presumed to be due to the display of the "infinite" category hierarchy
in the page being loaded. The edit links of the categories and pages in those
categories work, though. Or else, this would've caused a denial of service as
everyone (except developers. of course) would be prevented from viewing or
editing the pages concerned.

Version: unspecified
Severity: blocker



Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 21 2014, 7:04 PM
bzimport set Reference to bz875.
bzimport added a subscriber: Unknown Object (MLST).

0paddu wrote:

Armed with enough bots (i.e. different logins/IPs), it could be possible to
really do a DoS since server time is wasted in the infinite loop and reverting
may not be able to cope with the bots. The DB could be made readonly and all
that, but still that's DoS as I understand. Hence making severity blocker and
marking as blocking bug 202 (in accordance with [[en:Wikipedia:Be bold]] :).

BTW shouldn't there be some way to report security-related bugs "private"ly or
some such thing?

bugzillas+padREMOVETHISdu wrote:

*** Bug 817 has been marked as a duplicate of this bug. ***

bugzillas+padREMOVETHISdu wrote:

Copied from bug 817 comment 1:

[[test:WikiHiero]] refers to [[test:Category:Ancient Egypt]] which refers to
[[test:Category:Abcd%C8]] which refers to [[test:Category:Ancient Egypt]] which
triggers bug 875 which is why [[test:WikiHiero]] is inaccessible.

[[test:Template testing]] transcludes [[test:WikiHiero]] using {{:WikiHiero}}
which is why that page is also inaccessible.

bugzillas+padREMOVETHISdu wrote:

Hey this seems to have been resolved (try the URL for this bug)! Why's no one
making any noise about this?

I believe Tim Starling fixed it. Need to be checked.

zigger wrote:

I can't reproduce this either, having tried 1.3.10, 1.4beta6+ and HEAD on a
local wiki, as isn't available. Marking as fixed based also
on comments 5 & 6 above.

sumanah_panixcom wrote:

content hidden as private in Bugzilla