From 5433299350e460f4989e09a57842ec22fa311a53 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Mon, 4 May 2020 08:24:38 -0700 Subject: [PATCH 1/4] Check that key was decoded from UTF-8 --- extension/maxminddb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/extension/maxminddb.c b/extension/maxminddb.c index 69f18c5..84c4241 100644 --- a/extension/maxminddb.c +++ b/extension/maxminddb.c @@ -526,6 +526,11 @@ static PyObject *from_map(MMDB_entry_data_list_s **entry_data_list) { PyObject *key = PyUnicode_FromStringAndSize( (char *)(*entry_data_list)->entry_data.utf8_string, (*entry_data_list)->entry_data.data_size); + if (!key) { + // PyUnicode_FromStringAndSize will set an appropriate exception + // in this case. + return NULL; + } *entry_data_list = (*entry_data_list)->next; From ee2892b3a384a8f749e38ed52c2681ab7e84fcc0 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Mon, 4 May 2020 08:26:01 -0700 Subject: [PATCH 2/4] Check error from from_entry_data_list --- extension/maxminddb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/extension/maxminddb.c b/extension/maxminddb.c index 84c4241..a464200 100644 --- a/extension/maxminddb.c +++ b/extension/maxminddb.c @@ -204,6 +204,11 @@ static int get_record(PyObject *self, PyObject *args, PyObject **record) { *record = from_entry_data_list(&entry_data_list); MMDB_free_entry_data_list(original_entry_data_list); + // from_entry_data_list will return NULL on errors. + if (*record == NULL) { + return -1; + } + return prefix_len; } From f029c7dc193c5744c2d44b8192c9980cf28d083e Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Mon, 4 May 2020 08:43:48 -0700 Subject: [PATCH 3/4] Add test case from GitHub #58 --- tests/data | 2 +- tests/reader_test.py | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/data b/tests/data index 9a56cf5..e3764a2 160000 --- a/tests/data +++ b/tests/data @@ -1 +1 @@ -Subproject commit 9a56cf59da5c380f6014d042189ad8bce6f3dd89 +Subproject commit e3764a229ff98541884a3cd4bd7dc95f4ae5d466 diff --git a/tests/reader_test.py b/tests/reader_test.py index deb5c31..8510bd0 100644 --- a/tests/reader_test.py +++ b/tests/reader_test.py @@ -286,6 +286,15 @@ def test_nondatabase(self): ): open_database("README.rst", self.mode) + # This is from https://github.com/maxmind/MaxMind-DB-Reader-python/issues/58 + def test_database_with_invalid_utf8_key(self): + reader = open_database( + "tests/data/bad-data/maxminddb-python/bad-unicode-in-map-key.mmdb", + self.mode, + ) + with self.assertRaises(UnicodeDecodeError): + reader.get_with_prefix_len("163.254.149.39") + def test_too_many_constructor_args(self): with self.assertRaises(TypeError): self.readerClass[0]("README.md", self.mode, 1) From 79755e2ad9b474e99795842919037c2f885ab092 Mon Sep 17 00:00:00 2001 From: Gregory Oschwald Date: Mon, 4 May 2020 08:45:46 -0700 Subject: [PATCH 4/4] Add change log entry --- HISTORY.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/HISTORY.rst b/HISTORY.rst index 5784604..23670f4 100644 --- a/HISTORY.rst +++ b/HISTORY.rst @@ -3,6 +3,12 @@ History ------- +1.5.3 (2020-05-04) +++++++++++++++++++ + +* Fix a segfault when decoding a database with a corrupt data section. + Reported by Robert Scott. GitHub #58. + 1.5.2 (2019-12-20) ++++++++++++++++++