Closed
Bug 546759
Opened 15 years ago
Closed 15 years ago
Make sure weave_metadata collections_get returns an array
Categories
(Cloud Services Graveyard :: Server: Sync, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: telliott, Assigned: telliott)
Details
(Whiteboard: [AA-AT-06-E])
The Weave Server's synchronization component contains the following code within weave_metadata.php lines 144 and 145:
$this->collections_get(); return $this->_collections[$collection];
If collections_get fails, or any other issue occurs such that the _collections array doesn't have a value at the $collection index, then the above code will fail. If an attacker were to cause this erroneous behavior to occur, then they may find a way to make the failure advantageous to them.
|
Assignee | |
Comment 1•15 years ago
|
||
Fixed in http://hg.mozilla.org/labs/weaveserver-sync/rev/45308253a45d
Les, please review.
|
|
Assignee | |
Comment 2•15 years ago
|
||
also http://hg.mozilla.org/labs/weaveserver-sync/rev/858e2212d242
(found a corner case)
|
||
Comment 3•15 years ago
|
||
Looks like it does what it says on the tin.
|
|
Assignee | |
Comment 4•15 years ago
|
||
live in the 2/25/10 push. There may be a new version of this before we actually flip the switch on Memcache, though
|
|
Assignee | |
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•2 years ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•