couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Rijs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1425) Emitting UTF-8 chars >= 0xD800 in JS map stops design doc from indexing
Date Wed, 18 Sep 2013 11:14:55 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770660#comment-13770660
] 

Sam Rijs commented on COUCHDB-1425:
-----------------------------------

Hey there, you all (especially [~janl])! It's nice that this possesses its own branch (https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=shortlog;h=refs/heads/1425-fix-graceful-surrogate-handling).

But wouldn't it be better to merge this into CouchDB in order to close a DoS security hole?

I understand that this problem will go away with the BigCouch merge, but seriously -- this
is a security related fix and should be merge asap.
                
> Emitting UTF-8 chars >= 0xD800 in JS map stops design doc from indexing
> -----------------------------------------------------------------------
>
>                 Key: COUCHDB-1425
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1425
>             Project: CouchDB
>          Issue Type: Bug
>          Components: JavaScript View Server
>    Affects Versions: 1.1.1
>         Environment: Mac OS 10.6.8, but not sure that matters.
>            Reporter: Jim Klo
>         Attachments: utf8.c.diff
>
>
> Was trying determine UTF-8 Char collation, using the following Gist: https://gist.github.com/1904807
> It turns out that once the view gets to the document that would emit "\uD800", the view
server times out and stops indexing that design document.
> This seems like a bug, since I can 'store' a document with UTF-8 chars >= 0xD800,
but one cannot emit a key with that char in the string.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message