infinite loop when parsing modified unclosed phrase search query

Bug #1509479 reported by Galen Charlton
Affects     Status         Importance   Assigned to   Milestone
Evergreen   Fix Released   High         Unassigned
2.8         Fix Released   High         Unassigned
2.9         Fix Released   High         Unassigned

Bug Description

An unclosed phrase search that has a modifier can cause QueryParser to enter an infinite loop, tying up open-ils.storage backends.

Examples of such searches include:

  -"cats and dogs
  subject:+"physical chemistry

Evergreen 2.6 and later

Tags: pullrequest
Galen Charlton (gmc)
Changed in evergreen:
milestone: none → 2.9.1
importance: Undecided → High
Galen Charlton (gmc) wrote :

A patch is available at the tip of the user/gmcharlt/lp1509479_fix_qp_infinite_loop branch in the working/Evergreen repository:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp1509479_fix_qp_infinite_loop

tags: added: pullrequest
Dan Scott (denials) wrote :

Sounds like a possible denial of service zero-day?

Dan Scott (denials) wrote :

Also wondering if it might be worthwhile to add in a simple counter that bails after a set number of loops (100 or 250 or something reasonable) to short-circuit any other possible oversights that we might have made.
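
The counter suggested above, sketched as an added example (not part of the thread and not Evergreen's QueryParser code): a toy Python tokenizer whose constructed grammar stalls on the two queries from the bug description, guarded by a per-pass progress check and a pass cap. The grammar and the names `tokenize`, `ParseStalled` and `MAX_PASSES` are assumptions made for illustration.

```python
import re

MAX_PASSES = 250  # the thread suggests "100 or 250 or something reasonable"

class ParseStalled(Exception):
    """Raised instead of spinning when the parse loop stops consuming input."""
    def __init__(self, pos, passes):
        super().__init__(f"parser stalled at offset {pos} after {passes} passes")
        self.pos, self.passes = pos, passes

# Constructed grammar (assumption, not Evergreen's): optional field prefix,
# optional +/- modifier, then a closed phrase or a bare word.
FIELD = r'(?:(\w+):)?'
PHRASE = re.compile(r'\s*' + FIELD + r'([-+]?)"([^"]*)"')
WORD = re.compile(r'\s*' + FIELD + r'([-+]?)([^\s"+:-][^\s":]*)')
STRAY_QUOTE = re.compile(r'\s*"')  # recovery for an unmodified unclosed phrase

def tokenize(query, check_progress=True, max_passes=MAX_PASSES):
    """Return (field, modifier, text) tuples, or raise ParseStalled."""
    query = query.strip()
    tokens, pos, passes = [], 0, 0
    while pos < len(query):
        passes += 1
        if passes > max_passes:        # backstop: bounded work per query
            raise ParseStalled(pos, passes - 1)
        start = pos
        m = PHRASE.match(query, pos) or WORD.match(query, pos)
        if m:
            tokens.append(m.groups())
            pos = m.end()
        elif (m := STRAY_QUOTE.match(query, pos)):
            pos = m.end()              # drop the quote, keep parsing words
        # No rule fires on modifier + unclosed quote, so pos never advances.
        if check_progress and pos == start:
            raise ParseStalled(pos, passes)
    return tokens
```

With `check_progress=False` the loop models the unguarded parser and only the pass cap stops it; with the progress check on, the stall is reported on the first pass that consumes nothing.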

Galen Charlton (gmc) wrote :

Thanks for the feedback. I've pushed an updated branch, user/gmcharlt/lp1509479_fix_qp_infinite_loop_take2, taking your feedback into account and fixing the typo that tsbere saw:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/gmcharlt/lp1509479_fix_qp_infinite_loop_take2

Dan Scott (denials) wrote :

Tested cleanly, backported all the way to 2.6 for good measure. Thanks Galen!

Changed in evergreen:
status: New → Fix Committed
Changed in evergreen:
milestone: 2.9.1 → 2.next
Changed in evergreen:
milestone: 2.next → 2.10-beta
Changed in evergreen:
status: Fix Committed → Fix Released
no longer affects: evergreen/2.7