John Leach
2007-Sep-09 23:17 UTC
[Ferret-talk] MultiTerm query segfault - remote denial of service
Hi ferreteers,

I came across a segfault in the query parser. It had already been reported[1] and fixed[2], but it can lead to a denial of service.

If you use Ferret anywhere that you allow users to execute queries, those users can crash your Ruby process with a specially crafted query.

I'm sure you're all using Monit or something for your Rails or drb processes, so they'll get restarted, but it's still not good.

This was quite serious for a number of my sites (not to mention slowing development of a current app) so I applied the fix to the released 0.11.4 source and repackaged it as 0.11.4.1.

Obviously this isn't in any way official, but it works for me and I'm sharing here for anyone else affected. Gem, tgz and zip here:

http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4.1/

and just the patch (derived from Dave's changeset to trunk) here:

http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4-fix-multiterm-segfault.patch

The patch is against the release source, as the subversion repository seems to be down atm.

John.

[1] http://ferret.davebalmain.com/trac/ticket/208
[2] http://ferret.davebalmain.com/trac/changeset/773

--
high-profile mailing list advertising space exploitation:
http://www.brightbox.co.uk - UK Rails Xen Hosting
Benjamin Krause
2007-Sep-10 07:37 UTC
[Ferret-talk] MultiTerm query segfault - remote denial of service
cool.. thank you :)

On 2007-09-10, at 1:17 AM, John Leach wrote:

> Hi ferreteers,
>
> I came across a segfault in the query parser. It had already been
> reported[1] and fixed[2], but it can lead to a denial of service.
>
> If you use Ferret anywhere that you allow users to execute queries,
> those users can crash your Ruby process with a specially crafted
> query.
>
> I'm sure you're all using Monit or something for your Rails or drb
> processes, so they'll get restarted, but it's still not good.
>
> This was quite serious for a number of my sites (not to mention
> slowing development of a current app) so I applied the fix to the
> released 0.11.4 source and repackaged it as 0.11.4.1.
>
> Obviously this isn't in any way official, but it works for me and I'm
> sharing here for anyone else affected. Gem, tgz and zip here:
>
> http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4.1/
>
> and just the patch (derived from Dave's changeset to trunk) here:
>
> http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4-fix-multiterm-segfault.patch
>
> The patch is against the release source, as the subversion repository
> seems to be down atm.
>
> John.
>
> [1] http://ferret.davebalmain.com/trac/ticket/208
> [2] http://ferret.davebalmain.com/trac/changeset/773
>
> --
> high-profile mailing list advertising space exploitation:
> http://www.brightbox.co.uk - UK Rails Xen Hosting