I was working on a patched Debian system recently using the PHP functions feof and fread. I went to run my test script and managed to auger Apache in while at the same time dumping over 1 GB worth of errors into the Apache error log in a matter of minutes. Over and over (over 5,000,000 entries, actually), it logged these errors:
[Wed Dec 07 11:17:00 2011] [error] [client xx.xx.xx.xx] PHP Warning: feof() expects parameter 1 to be resource, boolean given in /web/public_html/newsite/testfeed.php on line 5
[Wed Dec 07 11:17:00 2011] [error] [client xx.xx.xx.xx] PHP Warning: fread() expects parameter 1 to be resource, boolean given in /web/public_html/newsite/testfeed.php on line 6
I ended up having to stop Apache and restart it, but it’s a scary denial of service in a few lines of PHP code. It took about 2 minutes and 23 seconds to produce over 5,000,000 errors in the error log for this script.
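The post does not show testfeed.php, so the following is an added example rather than the author's script. It assumes the boolean in the warnings is the `false` returned by a failed `fopen()`, shows that loop shape in a comment, and gives a guarded reader beside it; `read_feed`, the chunk size, the byte cap and the sample path are hypothetical.

```php
<?php
// Added example. Assumed shape of the loop behind the warnings:
//
//   $fh = fopen($source, 'r');        // returns false when the open fails
//   while (!feof($fh)) {              // feof(false) never reports EOF
//       $data .= fread($fh, 8192);    // fread(false, ...) warns as well
//   }
//
// On PHP 5 and 7 each pass logs two warnings and the loop never ends.
// PHP 8 throws a TypeError instead, which stops the loop on the first pass.

/**
 * Read a stream only after validating the handle, with hard limits on
 * size and wait time. Returns the data, or null on open/read failure.
 */
function read_feed(string $source, int $maxBytes = 1048576, int $timeoutSec = 10): ?string
{
    $fh = fopen($source, 'r');         // a failure logs one warning, once
    if ($fh === false) {
        return null;                   // never hand a boolean to feof()/fread()
    }
    stream_set_timeout($fh, $timeoutSec);  // applies to network streams

    $data = '';
    while (!feof($fh) && strlen($data) < $maxBytes) {
        $chunk = fread($fh, 8192);
        $meta  = stream_get_meta_data($fh);
        // A stalled socket returns '' without ever reaching EOF, so a
        // timeout has to end the loop explicitly.
        if ($chunk === false || !empty($meta['timed_out'])) {
            fclose($fh);
            return null;
        }
        $data .= $chunk;
    }
    fclose($fh);
    return $data;
}

// Constructed sample input: a path that does not exist, so fopen() fails.
$result = read_feed('/nonexistent/feed.xml');
echo $result === null ? "open failed, handled once\n" : strlen($result) . " bytes read\n";
```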
WinJS.xhr("http://example.com/webservice").then(successFunction, errorFunction, progressFunction);