Sanitize the search offset which is user-controlled via the requested page (!522) · Merge requests · umwelt-info / metadaten

Adam Reichold requested to merge fix-dos-search-offset into main Feb 20, 2024

We cannot sanitize the requested page before searching because we do not know the number of results and hence pages yet. However, specificying an arbitrarily large page yields an arbitrarily large offset which Tantivy uses to size an internal allocation of a binary heap which can fail and thereby abort the whole process.

We can however avoid this by sanitizing the offset itself which can never be larger than the overall number of documents stored in the index, no matter the query. This way we can avoid arbitrarily large allocations and hence the denial-of-service condition caused by them.

Closes #248 (closed)

Edited Feb 20, 2024 by Adam Reichold

Sanitize the search offset which is user-controlled via the requested page

Merge request reports