- Allocate memory for
MMDB_entry_data_list_sstructs in separate chunks
rather than one large chunk. This simplifies accessing memory in
MMDB_get_entry_data_list()and increases performance. It builds on the
changes in 1.3.0 and 1.3.1.
- We no longer export
data_pool_*symbols. These are internal functions
but we were previously exporting them. Pull request by Faidon Liambotis.
- Build with POSIX.1-2008 by default if the system supports it. This allows
O_CLOEXEC. We retain support for systems that
provide only POSIX.1-2001.
- Open the database with the
O_CLOEXECflag if the system provides it.
This avoids cases where we could leak fds when called in multi-threaded
exec(). Original report and PR by Brandon L
- Added a test to ensure we export only intended symbols (e.g. MMDB_*).
- Fix build problems related to
rpl_malloc(). Pull request by Rainer
Gerhards. GitHub #152.
- Fix a race to set and read data in a field on the
ipv4_start_node). GitHub #153.
- Fix cases of invalid memory access when using
MMDB_get_entry_data_list(). This was introduced in 1.3.0 and occurred
when performing large lookups. GitHub #153.
- Perform fewer memory allocations in
significantly improves its performance. GitHub #147.
mmdblookup's build epoch reporting on some systems. Big endian
systems with a 32-bit
time_tno longer show a database build date of
1970-01-01 00:00:00. Pull request by Rainer Jung. GitHub #143.
- Use autoconf to check the system's endianness rather than trying to do this
with compiler-defined macros like
__BYTE_ORDER__. Apparently this didn't
work properly on a Sparc system. GitHub #120.
- Several compiler warnings on Visual C++ were fixed. Pull request by Marcel
Raad. GitHub #130.
- Fix segmentation faults found in
MMDB_open()using afl-fuzz. This
occurred on corrupt databases that had a data pointer large enough to
cause an integer overflow when doing bound checking. Reported by Ryan
Whitworth. GitHub #140.
- Add --disable-tests option to
configure. Pull request by Fabrice
Fontaine. GitHub #136.
- Four additional fields were added to the end of the
struct returned by
MMDB_read_node. These fields allow the user to iterate
through the search tree without making undocumented assumptions about how
this library works internally and without knowing the specific details of
the database format. GitHub #110.
1.1.5 - 2016-03-20
- Previously, reading a database with a pointer in the metadata would cause an
MMDB_INVALID_METADATA_ERRORto be returned. This was due to an invalid
offset being used when calculating the pointer. The
metadata_sectionfields now both point to the beginning of the data
data_sectionpointed to the beginning of the data
separator. This will not affect anyone using only documented fields from
MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERRORif an IPv6
sockaddris looked up
in an IPv4-only database. Previously only
this error code.
- When resolving an address, this library now relies on
determine the address family rather than trying to guess it itself.
This tarball has since been removed because it was not cleanly packaged. Use 1.1.4 or newer instead.
- Added several additional checks to make sure that we don't attempt to read
past the end of the databases's data section. Implemented by Tobias
Stoeckmann. GitHub #103.
- When searching for the database metadata, there was a bug that caused the
code to think it had found valid metadata when none existed. In addition,
this could lead to an attempt to read past the end of the database
entirely. Finally, if there are multiple metadata markers in the database,
we treat the final one as the start of the metdata, instead of the first.
Implemented by Tobias Stoeckmann. GitHub #102.
- Don't attempt to mmap a file that is too large to be mmapped on the
system. Implemented by Tobias Stoeckmann. GitHub #101.
- Added a missing out of memory check when reading a file's
metadata. Implemented by Tobias Stoeckmann. GitHub #101.
- Added several additional checks to make sure that we never attempt to
SIZE_MAXmemory, which would lead to integer
overflow. This could only happen with pathological databases. Implemented by
Tobias Stoeckmann. GitHub #101.
- IMPORTANT: This release includes a number of important security fixes. Among these fixes is improved validation of the database metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases created earlier than January 28, 2014 had an invalid data type for the record_size in the metadata. Previously these databases worked on little endian machines with libmaxminddb but did not work on big endian machines. Due to increased safety checks when reading the file, these databases will no longer work on any platform. If you are using one of these databases, we recommend that you upgrade to the latest GeoLite2 or GeoIP2 database
- Added pkg-config support. If your system supports it, then running
make installnow installs a
libmaxminddb.pcfile for pkgconfig. Implemented by
- Several segmentation faults found with afl-fuzz were fixed. These were
caused by missing bounds checking and missing verification of data type.
MMDB_get_entry_data_listwill now fail on data structures with a depth
greater than 512 and data structures that are cyclic. This should not
affect any known MaxMind DB in production. All databases produced by
MaxMind have a depth of less than five.