Null pointer dereference with corrupt database file in MODE_MMAP_EXT #58

Closed
risicle opened this issue May 3, 2020 · 2 comments · Fixed by #59

risicle commented May 3, 2020

Linux, python 3.7, maxminddb 1.5.2, libmaxminddb 1.4.2.

Given the corrupt database files np00.gz or np01.gz (uncompressed obviously)

And the example code:

>>> import maxminddb
>>> reader = maxminddb.open_database("./np00")
>>> reader.get_with_prefix_len("163.254.149.39")

this will produce a null pointer dereference, in the first case when Reader_get_with_prefix_len tries to Py_DECREF a null record. In the second case, from_map tries to PyDict_SetItem at maxminddb.c:538 with a null key, leading to a read from 0x8.

oschwald (Member) commented May 4, 2020

Thanks so much for reporting this. I've fixed it in #59 and I have added np01.gz to the bad data test cases in https://github.com/maxmind/MaxMind-DB.

oschwald added a commit that referenced this issue May 4, 2020
horgh closed this as completed in #59 May 4, 2020
horgh added a commit that referenced this issue May 4, 2020
Fix segfault on invalid UTF-8. Closes #58.
oschwald (Member) commented May 4, 2020

1.5.3 was released with this fix.
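
The two failure points reported above (a NULL key stored into a map, and a NULL record released by the caller) can be modelled without the Python C API. The following is an added example, not code from this thread or from the maxminddb sources; `utf8_valid`, `decode_key`, `record_from_key` and `lookup_ok` are hypothetical names, and it assumes, as the fix commit's title suggests, that the NULL came from a failed UTF-8 decode.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Strict UTF-8 check: rejects truncation, overlongs, surrogates, > U+10FFFF. */
static int utf8_valid(const uint8_t *s, size_t len) {
    for (size_t i = 0; i < len;) {
        uint32_t cp = s[i], min;
        size_t n; /* number of continuation bytes expected */
        if (cp < 0x80) { i++; continue; }
        if ((cp & 0xE0) == 0xC0) { n = 1; cp &= 0x1F; min = 0x80; }
        else if ((cp & 0xF0) == 0xE0) { n = 2; cp &= 0x0F; min = 0x800; }
        else if ((cp & 0xF8) == 0xF0) { n = 3; cp &= 0x07; min = 0x10000; }
        else return 0; /* stray continuation byte or invalid lead byte */
        if (len - i <= n) return 0; /* sequence runs past the buffer */
        for (size_t k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += n + 1;
    }
    return 1;
}

/* Hypothetical decoder: returns NULL on bad input, like a failing C-API call. */
static char *decode_key(const uint8_t *raw, size_t len) {
    char *key = utf8_valid(raw, len) ? calloc(len + 1, 1) : NULL;
    if (key != NULL) memcpy(key, raw, len); /* calloc left the NUL terminator */
    return key;
}

struct record { char *key; int value; };
/* Hypothetical map builder: the decoded key is checked before it is stored. */
static struct record *record_from_key(const uint8_t *raw, size_t len, int value) {
    char *key = decode_key(raw, len);
    if (key == NULL) return NULL; /* propagate the error, never store NULL */
    struct record *r = malloc(sizeof *r);
    if (r == NULL) { free(key); return NULL; }
    r->key = key; r->value = value;
    return r;
}

/* Caller: returns 1 if a record was built, 0 if the data was rejected. */
int lookup_ok(const uint8_t *raw, size_t len) {
    struct record *r = record_from_key(raw, len, 1);
    if (r == NULL) return 0; /* nothing was allocated, so nothing to release */
    free(r->key); free(r);
    return 1;
}
```

Each layer checks the pointer it received before using or releasing it, so malformed bytes in the file surface as an error return rather than a crash.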
