Opened 4 years ago
Last modified 3 years ago
#31907 closed Bug
Inconsistent key validation checks in cache backends. — at Initial Version
| Reported by: | Nick Pope | Owned by: | Nick Pope |
|---|---|---|---|
| Component: | Core (Cache system) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The fix for CVE2020-13254 ensured that validate_key() was called for most cache-related operations to avoid a potential get/set key-clash.
There are some other operations that are not properly validated in some of the backend (sub)classes:
LocMemcache.touch()BaseMemcachedCache.delete_many()MemcachedCache.touch()MemcachedCache.get()MemcachedCache.delete()PyLibMCCache.touch()
The fix to this should also include a test to ensure that self.validate_key(key) is called for all operations to avoid this issue in future.
Note that this was originally raised via the security mailing list, but the decision was to handle this by raising a pull request.
Note:
See TracTickets
for help on using tickets.