
Illegal DB creation permitted #1644

Closed
flimzy opened this issue Oct 7, 2018 · 1 comment

Comments

@flimzy (Member) commented Oct 7, 2018

Reported/asked about here: https://stackoverflow.com/q/52636973/13860

Expected Behavior

Creating a database called !abcdef/_users should fail, due to invalid DB name.

Current Behavior

DB creation succeeds:

curl -v -X PUT http://admin:abc123@localhost:6004/\!abcdef%2F_users
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 6004 (#0)
* Server auth using Basic with user 'admin'
> PUT /!abcdef%2F_users HTTP/1.1
> Host: localhost:6004
> Authorization: Basic YWRtaW46YWJjMTIz
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 201 Created
< Cache-Control: must-revalidate
< Content-Length: 12
< Content-Type: application/json
< Date: Sun, 07 Oct 2018 11:21:46 GMT
< Location: http://localhost:6004/%21abcdef%2F_users
< Server: CouchDB/2.2.0 (Erlang OTP/19)
< X-Couch-Request-ID: 8d5c83b3a4
< X-CouchDB-Body-Time: 0
< 
{"ok":true}
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact

Possible Solution

Seems likely that the "special case" for _users is just too permissive, such as a regex not bound to the beginning of the string, or a similar error.

Steps to Reproduce (for bugs)

See curl command above.

Your Environment

  • Version used: CouchDB 2.2.0 via official Docker image
  • Browser Name and version: curl 7.52.1
  • Operating System and version (desktop or mobile): Debian 9.5
@iilyak (Contributor) commented Oct 8, 2018

The problem is here. We only match the suffix of the database and don't check validity of the prefix.
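
The suffix-only check described in the comment above, next to one that also validates the prefix, as an added Python model (not CouchDB's own Erlang code): `DBNAME_RE` uses the character class CouchDB documents for database names, and `SYSTEM_DBS` is assumed to be the list of predefined system databases the check special-cases.

```python
import re

# Character class CouchDB documents for database names: a lowercase letter
# first, then lowercase letters, digits, _, $, (, ), +, - and /.
DBNAME_RE = re.compile(r"^[a-z][a-z0-9_$()+/-]*$")

# Assumed list of system databases that are exempt from the leading-letter rule.
SYSTEM_DBS = ("_users", "_replicator", "_global_changes")


def is_valid_suffix_only(name: str) -> bool:
    """Model of the permissive check from the report: once a name ends in a
    system-database suffix it is accepted, whatever precedes the slash."""
    if DBNAME_RE.match(name):
        return True
    return any(name == s or name.endswith("/" + s) for s in SYSTEM_DBS)


def is_valid_prefix_checked(name: str) -> bool:
    """Hardened check: a bare system name is still allowed, and a prefixed one
    is allowed only if the prefix itself satisfies DBNAME_RE."""
    if DBNAME_RE.match(name):
        return True
    for s in SYSTEM_DBS:
        if name == s:
            return True
        if name.endswith("/" + s):
            prefix = name[: -len("/" + s)]
            return bool(DBNAME_RE.match(prefix))
    return False


if __name__ == "__main__":
    # The name from the report: accepted by the old check, rejected by the new one.
    reported = "!abcdef/_users"
    print(reported, is_valid_suffix_only(reported), is_valid_prefix_checked(reported))
```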

iilyak added a commit to cloudant/couchdb that referenced this issue Oct 8, 2018
Previously we only checked that the suffix of the database is
matching one of the predefined system databases. We really should
check the prefix against DBNAME_REGEXP to prevent creation of
illegally named databases.

This fixes apache#1644
iilyak added a commit to cloudant/couchdb that referenced this issue Oct 10, 2018
Previously we only checked that the suffix of the database is
matching one of the predefined system databases. We really should
check the prefix against DBNAME_REGEXP to prevent creation of
illegally named databases.

This fixes apache#1644
@iilyak iilyak closed this in #1647 Oct 10, 2018