Opened 4 years ago

Last modified 3 years ago

#31907 closed Bug

Inconsistent key validation checks in cache backends. — at Initial Version

Reported by: Nick Pope Owned by: Nick Pope
Component: Core (Cache system) Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The fix for CVE2020-13254 ensured that validate_key() was called for most cache-related operations to avoid a potential get/set key-clash.

There are some other operations that are not properly validated in some of the backend (sub)classes:

  • LocMemcache.touch()
  • BaseMemcachedCache.delete_many()
  • MemcachedCache.touch()
  • MemcachedCache.get()
  • MemcachedCache.delete()
  • PyLibMCCache.touch()

The fix to this should also include a test to ensure that self.validate_key(key) is called for all operations to avoid this issue in future.

Note that this was originally raised via the security mailing list, but the decision was to handle this by raising a pull request.

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top