There is constant work done on PHP, and the most recent minor release (8.0) has several excellent bug fixes.
Contents
Denial of service with a file
My focus is on the PHAR wrapper modification in particular. In order to create applications, PHP developers may use PHAR, a program that combines PHP files. In rare cases, the PHP PHAR wrapper might become stuck in an endless loop. This was a critical defect to address since it affected all file operations, including file exists and others.
The user must submit a document to the PHP server in order to take advantage of the flaw. The interesting aspect is the required structure of the file.
Self-containing gzip archive
You may not have realized this, but gzip archives can really be converted into quines. Therefore, a gzip file may function as an independent program rather than just a container for compressed information. Operations and archival materials from a higher level may be a part of it.
Self-contained applications were popular in the demoscene some years ago. In the heyday of computer programming, this function was essential for getting the most out of each data byte. Even getting down to the point where 256 bytes of data is all that’s needed for such visuals:
How it connects
Thus, the PHAR wrapper will enter an endless loop attempting to complete the processing of the document whenever the gzip archive is self-contained in a certain fashion. But this can’t happen since the document will actively prevent it from being completed.
To put it another way, a malicious user may submit a gzip file using the PHAR protocol and effectively shut down the system. In the most recent 8.1.11 update, that is one of the wonderful fixes. Because it exemplifies how far the community will go to uncover a problem and resolve it, even if it seems hopeless at first.
It’s an excellent place to begin exploring quins, a complex yet fascinating topic of software development.
