Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-252

_cbson crash/vulnerability (denial of service)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0
    • Component/s: None

      Description

      _cbson's get_value doesn't accept a data size parameter, it means that it is very easy to trick _cbson into decoding and thus reading out of range data that can easily crash Python. For example:

      python -c 'import bson; bson.decode_all("\x07\x00\x00\x00\x02a\x00\x78\x56\x34\x12")'

      If _cbson is compiled/enabled then Python will crash with Segmentation Fault. If _cbson is not enabled I lose speed but get expected:

      Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "bson/_init_.py", line 404, in decode_all
      (doc, data) = _bson_to_dict(data, as_class, tz_aware)
      File "bson/_init_.py", line 245, in _bson_to_dict
      return (_elements_to_dict(elements, as_class, tz_aware), data[obj_size:])
      File "bson/_init_.py", line 233, in _elements_to_dict
      (key, value, data) = _element_to_dict(data, as_class, tz_aware)
      File "bson/_init_.py", line 225, in _element_to_dict
      (element_name, data) = _get_c_string(data[1:])
      File "bson/_init_.py", line 75, in _get_c_string
      raise InvalidBSON()
      bson.errors.InvalidBSON

        Attachments

          Activity

            People

            • Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: