create new tag
, view all tags

Bug: Endless loop trying to include whole page in WEBTOPICLIST

It will not happen often: If someone tries to include a whole page in the WEBTOPICLIST, an endless loop occurs and twiki consumes all cpu-time and RAM, because the included page has a WEBTOPICLIST ...

As I noticed, includes in normal text stops after 4 levels of inclusion, but there seems to be no endlessloop check in this case.

Test case

In WebPreferences:

      * Set WEBTOPICLIST = %INCLUDE{"WebIndex"}% 


TWiki version: TWikiRelease01Dec2001
TWiki plugins: -
Server OS: -
Web server: -
Perl version: -
Client OS: -
Web Browser: -

-- BeatDoebeli - 28 Jan 2003

Follow up

Bounced because this still exists, and it constitutes an obvious vulnerability for a DOS attack on a public twiki.

-- CrawfordCurrie - 21 Jul 2004

Fix record

Fixed (in DEVELOP) which handles recursive includes correcty..

-- CrawfordCurrie - 13 Feb 2005

TopicClassification BugReport
TopicSummary DOS vulnerability in WEBTOPICLIST
CurrentState ReadyForMerge
OutstandingIssues Really need a testcase, in case this vulnerability is really something different to recursive includes (which are tested)


ProposedFor DakarRelease
TWikiContributors CrawfordCurrie
Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2005-02-13 - SamHasler
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.