Python Driver / PYTHON-532

User-triggerable NULL pointer dereference due to utter plebbery

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical - P2
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.2
    • Component/s: None
    • Labels:
      None
    • Environment:
      ALL THE ENVIRONMENTS
    • Backwards Compatibility:
      Major Change
    • # Replies:
      13
    • Last comment by Customer:
      true

      Description

      Steps to reproduce:

      Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL

      Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.

      Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.

      Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"

      Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE

      Step 6. It's 4am now. STILL INVESTIGATING

      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */

      Oh Mike!!!

      Step 7. DISCOVER PYMONGO DOES NOT CHECK RETURN VALUES IN MULTIPLE PLACES. DISCOVER ORIGINAL AUTHOR SHOULD NOT BE ALLOWED NEAR COMPUTER

      0558b0d4 pymongo/_cbsonmodule.c (Mike Dirolf 2009-06-08 15:06:12 -0400 1197) if (strcmp(buffer + position + 5, "$ref") == 0) { /* DBRef */
      f3da57be pymongo/_cbsonmodule.c (sibsibsib 2010-08-03 13:24:14 +0800 1198) PyObject* dbref;
      b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1199) PyObject* collection = PyDict_GetItemString(value, "$ref");
      ...
      30c253e6 pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-22 12:29:20 -0400 1206) PyDict_DelItemString(value, "$id");
      ...
      6b0a9ccb pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-21 15:15:00 -0400 1220) Py_DECREF(id);

      LOOOOL!

      OH MIKE OH MIKE!! BUT WHAT IF $ref DOESN'T HAVE $id KEY? LOOL

      Step 8. REALIZE I CAN CRASH 99% OF ALL WEB 3.9 SHIT-TASTIC WEBSCALE MONGO-DEPLOYING SERVICES WITH 16 BYTE POST

      Step 9. REALIZE 10GEN ARE TOO WORTHLESSLY CLUELESS TO LICENCE A STATIC ANALYZER THAT WOULD HAVE NOTICED THIS PROBLEM IN 0.0000001 NANOSECONDS?!!?!?@#

      Step 10. TRY DELETING _cbson.so.

      Step 11. LOOOOOOOOOOOOL MORE NULL PTR DEREFS IN _cmessage.so!!?!? LOLLERPLEX??!? NULL IS FOR LOSERS LOLOL

      Steps to fix:

      1. MIKE WAS BORN A TECH WRITER. REVOKE COMMIT PRIVS TODAY

      2. BUY A GODDAMNED COVERITY LICENCE YOU AMATEURS

      3. ADD process_dbrefs=False TO ALL THE DRIVERS

      4. FIX NULL PTR DEREFERENCE

      5. PUBLISH SECURITY ADVISORY OR I WILL DO IT FOR YOU
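
An application-side check for the input the report describes (a sub-document with `$ref` but no `$id`), run on untrusted data before it is handed to the driver. This is an added example, not part of the original report or of PyMongo; `check_dbrefs`, `first_error`, `MalformedDBRef` and `allow_dbrefs` are hypothetical names, and it assumes the data arrives as JSON.

```python
import json


class MalformedDBRef(ValueError):
    """A mapping carries "$ref" but is not a well-formed DBRef."""


def check_dbrefs(doc, allow_dbrefs=True):
    """Return doc unchanged, or raise MalformedDBRef naming the offending path.

    Uses an explicit stack instead of recursion to walk nested values.
    """
    stack = [("$root", doc)]
    while stack:
        path, value = stack.pop()
        if isinstance(value, dict):
            if "$ref" in value:
                if not allow_dbrefs:
                    raise MalformedDBRef(f"{path}: DBRefs not accepted here")
                if "$id" not in value:
                    raise MalformedDBRef(f'{path}: "$ref" without "$id"')
                if not isinstance(value["$ref"], str):
                    raise MalformedDBRef(f'{path}: "$ref" is not a string')
            stack.extend((f"{path}.{k}", v) for k, v in value.items())
        elif isinstance(value, list):
            stack.extend((f"{path}[{i}]", v) for i, v in enumerate(value))
    return doc


def first_error(raw_json, **kwargs):
    """Parse a JSON request body and return the rejection message, or None."""
    try:
        check_dbrefs(json.loads(raw_json), **kwargs)
    except MalformedDBRef as exc:
        return str(exc)
    return None


# Constructed sample request bodies (not taken from the report).
SAMPLES = {
    "plain": '{"name": "a", "tags": ["x", "y"]}',
    "good_dbref": '{"owner": {"$ref": "users", "$id": 7}}',
    "ref_without_id": '{"items": [{"link": {"$ref": "users"}}]}',
    "ref_not_string": '{"owner": {"$ref": 5, "$id": 7}}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", first_error(body) or "accepted")
```

Passing `allow_dbrefs=False` rejects every `$ref` sub-document, for endpoints that have no reason to accept DBRefs from clients.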

              People

              • Votes:
                4
              • Watchers:
                32

                Dates

                • Days since reply:
                  4 years, 20 weeks, 4 days ago