git.koha-community.org Git - koha.git/commit

author	Chris Cormack <chris@bigballofwax.co.nz>
	Sun, 25 Jun 2017 05:34:12 +0000 (17:34 +1200)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Wed, 19 Jul 2017 21:17:49 +0000 (23:17 +0200)
commit	210f7cdcf340596542fd99e1ab603020c972a3b7
tree	2ecef0178bfe944f17da4230d074df928e565ad5	tree \| snapshot
parent	487d7c55d60cb1ae45d13a8bd34ef4ca207c7dcb	commit \| diff

Bug 18854 - Protect from DOS

There was a bug that meant a very large offset in the search params
will cause the search script to run forever (or long enough to crash
the machine)

To test

1/ Get ready with sudo top so you can kill the thread before it causes
your machine to OOM
2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
3/ Notice the process runs for a long time
4/ Kill the process
5/ Apply the patch
6/ Hit the page again, notice the it loads (offset is set to zero)
7/ Do the same to search in the staff client

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: changed -2 to 0 in opac-search.pl.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 99b32717cd2596ce89a2d46b8cb4ddbba2dea5ad)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a64d14db20ac55fe4bcc8de06207c516d2237788)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

catalogue/search.pl		diff \| blob \| history
opac/opac-search.pl		diff \| blob \| history