
#2420 (ok 2.10.2) incorrect "possible deep recursion attack"

2.10.0.2
fixed
Marc Delisle
1
2014-12-05
2007-04-29
Kevin Stange
No

A customer of ours has a fairly big table with lots of enums, like the one at the end of this text. Whenever he tries to insert a row (of any configuration) using phpMyAdmin, it dies with "possible deep recursion attack". The server is running MySQL 4.1.20 and PHP 4.4.6. It seems this is a security feature of some kind that was added in this version, which might be tripped incorrectly. If I can provide any further information to be more helpful, please let me know.

-- Reproduction schema from the report: inserting any row into this table through
-- phpMyAdmin (ticket milestone 2.10.0.2) stopped with "possible deep recursion attack".
-- The table is wide: 94 columns, most of them single-member enums, so the insert
-- form carries many fields.
-- NOTE(review): presumably it is that field count, not any nesting in the data,
-- that tripped the guard; confirm against the patched function in common.lib.php.
CREATE TABLE `inf_servicios` (
`id_inf_servicios` int(10) unsigned NOT NULL auto_increment,
`inmueble_idinmueble` int(10) unsigned NOT NULL default '0',
-- Columns named ":: ..." act as section headers. Their names contain spaces and
-- colons, so they are only valid when backtick-quoted; any tool that builds SQL,
-- HTML form field names or URLs from column names has to quote/encode them.
-- The single enum member is literal HTML markup.
-- NOTE(review): presumably the owning application prints the stored value
-- unescaped to show an icon; anything else that displays these values or this
-- column definition must HTML-encode them, or the browser interprets the markup.
`:: Detalles de la Propiedad` enum('<img src="images/click.gif">') default NULL,
-- int(2) / int(4) below: the number is a MySQL display width, not a range limit.
`Area_total_mt2` int(2) default NULL,
`Area_edificada_mt2` int(2) default NULL,
`Muralla_perimetral` enum('<img src="images/click.gif">') default NULL,
`Cercado_perimetral` enum('<img src="images/click.gif">') default NULL,
`Vereda_tipo` enum('cemento','piedra','baldosas de canto rodado','baldosas de cemento','baldosa calcárea','tierra') default NULL,
`Fecha_de_construccion` int(4) default NULL,
`Total_de_plantas` int(2) default NULL,
`Total_de_dependencias` int(2) default NULL,
`Total_sanitarios` int(2) default NULL,
`Conservacion_del_inmueble` enum('malo','regular','bueno','muy bueno','excelente') default NULL,
-- NOT NULL with the markup as default (here and on `:: Area Social`): a row
-- inserted without a value for this column stores the <img> tag itself.
`:: Area Intima` enum('<img src="images/click.gif">') NOT NULL default '<img src="images/click.gif">',
`Dormitorios_en_suite` int(2) default NULL,
`Dormitorios_con_placard` int(2) default NULL,
`Total_de_dormitorios` int(2) default NULL,
`Dormitorios_con_aacc` enum('1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','todos') default NULL,
`Dormitorios_con_calefaccion` enum('1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','todos') default NULL,
`Estar_intimo` enum('<img src="images/click.gif">') default NULL,
`:: Area Social` enum('<img src="images/click.gif">') NOT NULL default '<img src="images/click.gif">',
`Cuarto_de_estudio` enum('<img src="images/click.gif">') default NULL,
`Comedor_social` enum('<img src="images/click.gif">') default NULL,
`Comedor_diario` enum('<img src="images/click.gif">') default NULL,
`Estar_diario` enum('<img src="images/click.gif">') default NULL,
`Estar_comedor` enum('<img src="images/click.gif">') default NULL,
`Living` enum('<img src="images/click.gif">') default NULL,
`Escritorio` enum('<img src="images/click.gif">') default NULL,
`Galeria` enum('<img src="images/click.gif">') default NULL,
`Quincho` enum('<img src="images/click.gif">') default NULL,
`:: Area de Servicio` enum('<img src="images/click.gif">') default NULL,
`Despensa` enum('<img src="images/click.gif">') default NULL,
`Cocina` enum('<img src="images/click.gif">') default NULL,
`Cuartos_de_servicio` enum('<img src="images/click.gif">') default NULL,
`Sanitario_de_servicio` enum('<img src="images/click.gif">') default NULL,
`Acceso_de_Servicio` enum('<img src="images/click.gif">') default NULL,
`Lavadero_de_ropa` enum('<img src="images/click.gif">') default NULL,
`Cuarto_de_deposito` enum('<img src="images/click.gif">') default NULL,
`:: Area Recreativa` enum('<img src="images/click.gif">') default NULL,
`Cuarto_de_juegos` enum('<img src="images/click.gif">') default NULL,
`Biblioteca` enum('<img src="images/click.gif">') default NULL,
`Gimnasio` enum('<img src="images/click.gif">') default NULL,
`Piscina` enum('<img src="images/click.gif">') default NULL,
`Cancha_de_futbol` enum('<img src="images/click.gif">') default NULL,
`Cancha_de_tenis` enum('<img src="images/click.gif">') default NULL,
`Cancha_de_voley` enum('<img src="images/click.gif">') default NULL,
`Patio` enum('grande','mediano','chico') default NULL,
`:: Comodidades` enum('<img src="images/click.gif">') default NULL,
`Amoblado` enum('<img src="images/click.gif">') default NULL,
`Chimenea` enum('<img src="images/click.gif">') default NULL,
`Balcon_terraza` enum('<img src="images/click.gif">') default NULL,
`Material_de_pisos` enum('Ceramico','Granito','Alfombra','Parquet','Mosaicos','Marmol','Granito - Cerámico - Moquet','Vinílico','Cemento','Cerámico - Moquet','Granito - Moquet') default NULL,
`Herrajes_de_lujo` enum('<img src="images/click.gif">') default NULL,
`Ascensor` enum('<img src="images/click.gif">') default NULL,
`Montacargas` enum('<img src="images/click.gif">') default NULL,
`Sauna` enum('<img src="images/click.gif">') default NULL,
`Hidromasaje` enum('<img src="images/click.gif">') default NULL,
`Barbacoa_parrilla` enum('<img src="images/click.gif">') default NULL,
`Sistema_de_riego` enum('<img src="images/click.gif">') default NULL,
`Bodega_de_vinos` enum('<img src="images/click.gif">') default NULL,
`Porton_electrico` enum('<img src="images/click.gif">') default NULL,
`Portero_electrico` enum('<img src="images/click.gif">') default NULL,
`Video_portero` enum('<img src="images/click.gif">') default NULL,
`Plazas_de_Garage` enum('1','2','3','4','5','6','7','8','9','10','11','12','13','14') default NULL,
`Estacionamiento` enum('<img src="images/click.gif">') default NULL,
`:: Infraestructura - Servicios` enum('<img src="images/click.gif">') default NULL,
`Energia_electrica` enum('<img src="images/click.gif">') default NULL,
`Generador_de_emergencia` enum('<img src="images/click.gif">') default NULL,
`Alumbrado_publico` enum('<img src="images/click.gif">') default NULL,
`Agua_corriente` enum('<img src="images/click.gif">') default NULL,
`Pozo_artesiano` enum('<img src="images/click.gif">') default NULL,
`Linea_telefonica` enum('<img src="images/click.gif">') default NULL,
`TV_cable` enum('<img src="images/click.gif">') default NULL,
`Internet` enum('<img src="images/click.gif">') default NULL,
`Desague_pluvial` enum('<img src="images/click.gif">') default NULL,
`Desague_cloacal` enum('<img src="images/click.gif">') default NULL,
`Pozo_ciego` enum('<img src="images/click.gif">') default NULL,
`Camara_septica` enum('<img src="images/click.gif">') default NULL,
`Aberturas_de_blindex` enum('<img src="images/click.gif">') default NULL,
`:: Seguridad` enum('<img src="images/click.gif">') default NULL,
`Puertas_blindadas` enum('<img src="images/click.gif">') default NULL,
`Sistema_de_alarma` enum('<img src="images/click.gif">') default NULL,
`Guardia_privada` enum('<img src="images/click.gif">') default NULL,
`Circuito_cerrado_video` enum('<img src="images/click.gif">') default NULL,
`Sistema_contra_incendios` enum('<img src="images/click.gif">') default NULL,
`Escalera_de_incendios` enum('<img src="images/click.gif">') default NULL,
`Disyuntor_electrico` enum('<img src="images/click.gif">') default NULL,
`Salida_de_emergencia` enum('<img src="images/click.gif">') default NULL,
`:: Extra Info` enum('<img src="images/click.gif">') default NULL,
`Aislacion_termica` enum('<img src="images/click.gif">') default NULL,
`Aislacion_acustica` enum('<img src="images/click.gif">') default NULL,
`Aislacion_hidrofuga` enum('<img src="images/click.gif">') default NULL,
`Aire_acondicionado_central` enum('<img src="images/click.gif">') default NULL,
`Calefaccion_central` enum('<img src="images/click.gif">') default NULL,
PRIMARY KEY (`id_inf_servicios`),
-- Plain secondary index on inmueble_idinmueble; this statement declares no
-- FOREIGN KEY constraint for it.
KEY `inf_servicios_FKIndex1` (`inmueble_idinmueble`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Discussion

  • Marc Delisle
    Marc Delisle
    2007-04-29

    • summary: phpMyAdmin cannot insert into this table --> incorrect "possible deep recursion attack"
     
  • Marc Delisle
    Marc Delisle
    2007-04-30

    • assigned_to: nobody --> lem9
     
  • Marc Delisle
    Marc Delisle
    2007-05-01

    Logged In: YES
    user_id=210714
    Originator: NO

    Patch merged for 2.10.2:
    Index: QA_2_10/phpMyAdmin/libraries/common.lib.php
    ===================================================================
    --- QA_2_10/phpMyAdmin/libraries/common.lib.php (revision 10338)
    +++ QA_2_10/phpMyAdmin/libraries/common.lib.php (working copy)
    @@ -290,7 +290,7 @@
    }
    }
    }
    - $recursive_counter++;
    + $recursive_counter--;
    }
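Review bot: Nothing on the changed line `$recursive_counter--;` records that the counter is meant to hold the current nesting depth, which is the invariant the old `++` broke. A comment above it such as `// leaving this level: counter tracks current depth, not total calls` would make it harder to re-break the guard. The start of the function, presumably including the matching increment and the limit check, is outside the hunk, so it cannot be confirmed from here that every exit path reaches this decrement. If an early return exists, the counter would drift upward again and the "possible deep recursion attack" check could misfire on wide inputs like the reported table. A regression test that feeds a flat array with more elements than the limit would pin the fix.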

     
  • Marc Delisle
    Marc Delisle
    2007-05-01

    • summary: incorrect "possible deep recursion attack" --> (ok 2.10.2) incorrect "possible deep recursion attack"
    • priority: 5 --> 1
    • status: open --> open-fixed
     
  • Marc Delisle
    Marc Delisle
    2007-06-15

    • summary: (ok 2.10.2) incorrect "possible deep recursion attack" --> (ok 2.10.2) incorrect \"possible deep recursion attack\"
    • status: open-fixed --> closed-fixed
     
  • Michal Čihař
    Michal Čihař
    2013-06-11

    • Status: closed-fixed --> fixed