Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-15942

validate user supplied document length with actual doc length in index during the fdb_iterator_get call.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • bug-backlog
    • 4.0.0
    • forestdb
    • Security Level: Public
    • None
    • Untriaged
    • Centos 64-bit
    • Unknown

    Description

      we allow user to supply pre-allocated fdb_doc struct for fdb_iterator_get call. However, there is no validation is the document being scanned in the HB+-trie is smaller or equal in length as the user supplied fdb_doc. This can result in buffer overflows leading to crash.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            tai.tran Tai Tran (Inactive)
            venu Venu Uppalapati (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty