infinite loop when parsing modified unclosed phrase search query

Bug #1509479 reported by Galen Charlton on 2015-10-23
Affects     Status   Importance   Assigned to   Milestone
Evergreen            High         Unassigned
2.8                  High         Unassigned
2.9                  High         Unassigned

Bug Description

An unclosed phrase search that has a modifier can cause QueryParser to enter an infinite loop, tying up open-ils.storage backends.

Examples of such searches include:

  -"cats and dogs
  subject:+"physical chemistry

Evergreen 2.6 and later

Galen Charlton (gmc) on 2015-10-23
Changed in evergreen:
milestone: none → 2.9.1
importance: Undecided → High
Galen Charlton (gmc) wrote :

A patch is available at the tip of the user/gmcharlt/lp1509479_fix_qp_infinite_loop branch in the working/Evergreen repository:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp1509479_fix_qp_infinite_loop

tags: added: pullrequest
Dan Scott (denials) wrote :

Sounds like a possible denial of service zero-day?

Dan Scott (denials) wrote :

Also wondering if it might be worthwhile to add in a simple counter that bails after a set number of loops (100 or 250 or something reasonable) to short-circuit any other possible oversights that we might have made.
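
A sketch of the loop guard suggested in the comment above, as an added example that is not part of the thread and not Evergreen's QueryParser code. The toy grammar, the rule lists and the `tokenize` function are assumptions constructed for illustration, and the two queries from the bug description serve as input:

```python
import re

MAX_ITERATIONS = 250  # cap in the range suggested in the comment above

# Constructed toy grammar (an assumption, not Evergreen's): optional "class:"
# prefix, optional -/+ modifier, then a quoted phrase or a bare word.
PREFIX = r'(?:(?P<cls>\w+):)?(?P<mod>[-+])?'
CLOSED_PHRASE = re.compile(PREFIX + r'"(?P<text>[^"]*)"')
OPEN_PHRASE = re.compile(PREFIX + r'"(?P<text>[^"]*)\Z')  # phrase never closed
WORD = re.compile(PREFIX + r'(?P<text>[^\s"+-][^\s"]*)')
SPACE = re.compile(r'\s+')

# Models the oversight: no rule accepts a modified phrase that is never closed.
INCOMPLETE_RULES = [('phrase', CLOSED_PHRASE), ('word', WORD)]
# One possible handling: let an unclosed phrase run to the end of the input.
COMPLETE_RULES = [('phrase', CLOSED_PHRASE), ('phrase', OPEN_PHRASE), ('word', WORD)]


class QueryParseError(ValueError):
    """Raised instead of spinning when the parser cannot finish a query."""


def tokenize(query, rules, max_iterations=MAX_ITERATIONS):
    tokens, pos, iterations = [], 0, 0
    while pos < len(query):
        iterations += 1
        if iterations > max_iterations:      # backstop for unforeseen cases
            raise QueryParseError('iteration limit exceeded')
        start = pos
        m = SPACE.match(query, pos)
        if m:
            pos = m.end()
        else:
            for kind, rx in rules:
                m = rx.match(query, pos)
                if m:
                    tokens.append((kind, m['cls'], m['mod'], m['text']))
                    pos = m.end()
                    break
        if pos == start:                     # nothing consumed: would loop forever
            raise QueryParseError(f'no progress at offset {pos}')
    return tokens
```

With `INCOMPLETE_RULES` both queries from the report raise `QueryParseError` instead of tying up the backend; the iteration cap additionally bounds the work done for any single query.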

Galen Charlton (gmc) wrote :

Thanks for the feedback. I've pushed an updated branch, user/gmcharlt/lp1509479_fix_qp_infinite_loop_take2, taking your feedback into account and fixing the typo that tsbere saw:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp1509479_fix_qp_infinite_loop_take2

Dan Scott (denials) wrote :

Tested cleanly, backported all the way to 2.6 for good measure. Thanks Galen!

Changed in evergreen:
status: New → Fix Committed
Changed in evergreen:
milestone: 2.9.1 → 2.next
Changed in evergreen:
milestone: 2.next → 2.10-beta
Changed in evergreen:
status: Fix Committed → Fix Released
no longer affects: evergreen/2.7