From ecd4f0ee553cc3e11491f236763d6cc7cd6dd8a1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 11 Nov 2008 20:48:02 -0500 Subject: make unlockwiki drop the cgilock This is necessary so that things that fork to the background, like pinger, and inline ping, don't block other cgis from running. Note that websetup also calls unlockwiki, before refreshing / rebuilding the wiki. It makes perfect sense for that not to block other cgis. --- debian/changelog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 2088b07ec..99f35482e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,13 @@ -ikiwiki (2.69) UNRELEASED; urgency=low +ikiwiki (2.69) unstable; urgency=low + * Avoid multiple ikiwiki cgi processes piling up, eating all memory, + and thrashing, by making the cgi wrapper wait on a cgilock. + If you had to set apache's MaxClients low to avoid ikiwiki thrashing your + server, you can now turn it up to a high value. + * Stop busy-waiting in lockwiki, as this could delay ikiwiki from waking up + for up to one second. The bailout code is no longer needed after above + change. + * Remove support for unused optional wait parameter from lockwiki. * aggregate: Try to query XML::Feed for the base url when derelevatising links. Since this needs the just released XML::Feed 0.3, as well as a not yet released XML::RSS, it will fall back to the old method 
@@ -14,16 +22,8 @@ ikiwiki (2.69) UNRELEASED; urgency=low * tag: Normalize tagbase so leading/trailing slashes in it don't break things. * bzr: Fix dates for recentchanges. - * Avoid multiple ikiwiki cgi processes piling up, eating all memory, - and thrashing, by making the cgi wrapper wait on a cgilock. - If you had to set apache's MaxClients low to avoid ikiwiki thrashing your - server, you can now turn it up to a high value. - * Stop busy-waiting in lockwiki, as this could delay ikiwiki from waking up - for up to one second. The bailout code is no longer needed after above - change. - * Remove support for unused optional wait parameter from lockwiki. - -- Joey Hess Thu, 06 Nov 2008 16:01:00 -0500 + -- Joey Hess Tue, 11 Nov 2008 20:35:55 -0500 ikiwiki (2.68) unstable; urgency=low -- cgit v1.2.3 From 716560b7f15b6e15b246c39c11eb8181d91c8662 Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Wed, 12 Nov 2008 17:19:41 -0500 Subject: check for invalid utf-8, and toss it back to avoid crashes Since ikiwiki uses open :utf8, perl assumes that files contain valid utf-8. If it turns out to be malformed it may later crash while processing strings read from them, with 'Malformed UTF-8 character (fatal)'. As at least a quick fix, use utf8::valid as soon as data is read, and if it's not valid, call encode_utf8 on the string, thus clearing the utf-8 flag. This may cause follow-on encoding problems, but will avoid this crash, and the input file was broken anyway, so GIGO is a reasonable response. (I looked at calling decode_utf8 after, but it seemed to cause more trouble than it was worth. BTW, use open ':encoding(utf8)' avoids this problem, but the corrupted data later causes Storable to crash when writing the index.) This is a quick fix, clearly imperfect: - It might be better to explicitly call decode_utf8 when reading files, rather than using the IO layer. - Data read other than by readfile() can still sneak in bad utf-8. While ikiwiki does very little file input not using it, stdin for the CGI would be one way. --- IkiWiki.pm | 4 ++++ debian/changelog | 6 ++++++ doc/security.mdwn | 9 +++++++++ 3 files changed, 19 insertions(+) (limited to 'debian/changelog') diff --git a/IkiWiki.pm b/IkiWiki.pm index 5e21e7090..735dc97b1 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -721,6 +721,10 @@ sub readfile ($;$$) { #{{{ binmode($in) if ($binary); return \*$in if $wantfd; my $ret=<$in>; + # check for invalid utf-8, and toss it back to avoid crashes + if (! utf8::valid($ret)) { + $ret=encode_utf8($ret); + } close $in || error("failed to read $file: $!"); return $ret; } #}}} diff --git a/debian/changelog b/debian/changelog index 99f35482e..3838a3e90 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +ikiwiki (2.70) UNRELEASED; urgency=low + + * Avoid crash on malformed utf-8 discovered by intrigeri. + + -- Joey Hess Wed, 12 Nov 2008 17:30:33 -0500 + ikiwiki (2.69) unstable; urgency=low * Avoid multiple ikiwiki cgi processes piling up, eating all memory, diff --git a/doc/security.mdwn b/doc/security.mdwn index 0841abf49..1bc7b9e60 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -407,3 +407,12 @@ discovered on 30 May 2008 and fixed the same day. ([[!cve CVE-2008-0169]]) I recommend upgrading to 2.48 immediatly if your wiki allows both password and openid logins. + +## Malformed UTF-8 DOS + +Feeding ikiwiki page sources containing certian forms of malformed UTF-8 +can cause it to crash. This can potentially be used for a denial of service +attack. + +intrigeri discovered this problem on 12 Nov 2008 and a patch put in place +later that day. -- cgit v1.2.3 From 31a1a3215b715b2356c67378605c955af48ef1e5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Nov 2008 18:01:46 -0500 Subject: releasing version 2.70 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 3838a3e90..dd19c1463 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ -ikiwiki (2.70) UNRELEASED; urgency=low +ikiwiki (2.70) unstable; urgency=low * Avoid crash on malformed utf-8 discovered by intrigeri. - -- Joey Hess Wed, 12 Nov 2008 17:30:33 -0500 + -- Joey Hess Wed, 12 Nov 2008 17:45:58 -0500 ikiwiki (2.69) unstable; urgency=low -- cgit v1.2.3
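
Review bot: Neither debian/changelog hunk of the first commit (@@ -1,5 +1,13 @@ and @@ -14,16 +22,8 @@) records the change named in its subject, unlockwiki dropping the cgilock. The three bullets are only moved from the bottom of the 2.69 entry to the top while the entry goes from UNRELEASED to unstable. Add a bullet saying that unlockwiki now releases the cgilock so that background work such as the pinger no longer blocks other cgis.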
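
Review bot: In the IkiWiki.pm hunk (@@ -721,6 +721,10 @@, sub readfile) the new utf8::valid check sits below `return \*$in if $wantfd;`, so any caller that asks for the filehandle reads the file without validation and can still reach the 'Malformed UTF-8 character (fatal)' crash the commit message describes. Either validate in those callers or extend the new comment to say that the $wantfd path is unchecked. The comment would also be clearer if it said what "toss it back" does, namely that encode_utf8 clears the utf-8 flag on $ret, since that is the part that can cause follow-on encoding problems.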
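
Review bot: The 2.70 entry added to debian/changelog (@@ -1,3 +1,9 @@) says only "Avoid crash on malformed utf-8 discovered by intrigeri.", while doc/security.mdwn in the same commit describes the crash as usable for a denial of service attack. State in the bullet that this is a security fix and point to doc/security.mdwn, so that someone reading only the changelog can tell.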
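
Review bot: The new "Malformed UTF-8 DOS" section in doc/security.mdwn (@@ -407,3 +407,12 @@) does not name the release that carries the fix, although the entry just above it tells readers to upgrade to 2.48; the debian/changelog hunk of the same commit places the fix in 2.70, so say that here. In the added text, "certian" should be "certain", and "and a patch put in place" is missing "was".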