Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-532

User-triggerable NULL pointer dereference due to utter plebbery

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Critical - P2 Critical - P2
    • 2.5.2
    • Affects Version/s: None
    • Component/s: None
    • None
    • Environment:
      ALL THE ENVIRONMENTS
    • Major Change

      Steps to reproduce:

      Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL

      Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.

      Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.

      Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"

      Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE

      Step 6. It's 4am now. STILL INVESTIGATING

      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */

      Oh Mike!!!

      Step 7. DISCOVER PYMONGO DOES NOT CHECK RETURN VALUES IN MULTIPLE PLACES. DISCOVER ORIGINAL AUTHOR SHOULD NOT BE ALLOWED NEAR COMPUTER

      0558b0d4 pymongo/_cbsonmodule.c (Mike Dirolf 2009-06-08 15:06:12 -0400 1197) if (strcmp(buffer + position + 5, "$ref") == 0) { / DBRef */
      f3da57be pymongo/_cbsonmodule.c (sibsibsib 2010-08-03 13:24:14 +0800 1198) PyObject* dbref;
      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1199) PyObject* collection = PyDict_GetItemString(value, "$ref");
      ...
      30c253e6 pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-22 12:29:20 -0400 1206) PyDict_DelItemString(value, "$id");
      ...
      6b0a9ccb pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-21 15:15:00 -0400 1220) Py_DECREF(id);

      LOOOOL!

      OH MIKE OH MIKE!! BUT WHAT IF $ref DOESNT HAVE $id KEY? LOOL

      Step 8. REALIZE I CAN CRASH 99% OF ALL WEB 3.9 SHIT-TASTIC WEBSCALE MONGO-DEPLOYING SERVICES WITH 16 BYTE POST

      Step 9. REALIZE 10GEN ARE TOO WORTHLESSLY CLUELESS TO LICENCE A STATIC ANALYZER THAT WOULD HAVE NOTICED THIS PROBLEM IN 0.0000001 NANOSECONDS?!!?!?@#

      Step 10. TRY DELETING _cbson.so.

      Step 11. LOOOOOOOOOOOOL MORE NULL PTR DEREFS IN _cmessage.so!!?!? LOLLERPLEX??!? NULL IS FOR LOSERS LOLOL

      Steps to fix:

      1. MIKE WAS BORN A TECH WRITER. REVOKE COMMIT PRIVS TODAY

      2. BUY A GODDAMNED COVERITY LICENCE YOU AMATEURS

      3. ADD process_dbrefs=False TO ALL THE DRIVERS

      4. FIX NULL PTR DEREFERENCE

      5. PUBLISH SECURITY ADVISORY OR I WILL DO IT FOR YOU

            Assignee:
            bernie@mongodb.com Bernie Hackett
            Reporter:
            jibberz Jibbers McGee
            Votes:
            4 Vote for this issue
            Watchers:
            38 Start watching this issue

              Created:
              Updated:
              Resolved: