This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: dbhash/bsddb leaks random memory fragments to a database
Type: security Stage:
Components: Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, jcea, jwilk, wodny
Priority: normal Keywords:

Created on 2014-04-21 19:54 by wodny, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (7)
msg216966 - (view) Author: Marcin Szewczyk (wodny) Date: 2014-04-21 19:54
As stated in the subject. Example is in a remote Git repository:
https://bitbucket.org/wodny/python-dbm-experiments/
It shows how some random data gets into the database (into some gaps between keys and values). There is also a C example which hasn't been caught on leaking.
msg217046 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2014-04-23 01:24
Marcin, what Berkeley DB version are you using?. Platform?. 32 or 64 bits?

Could you be able to compile & test a custom python patch?
msg217047 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2014-04-23 01:28
dbhash uses bsddb behind the curtain. Could you possibly try current bsddb external module at http://www.jcea.es/programacion/pybsddb.htm ??

Thanks.
msg217049 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2014-04-23 02:34
Experimenting with this, looks like the content leak is inside Berkeley DB code. The leak is always on offset X*4096 bytes away when the database pagesize is 4096 bytes. Looks like this is an important hint, since Python itself knows nothing about database pagesize.

For instance:

>>> a=open("secrets.db").read()
>>> a.find("secret")
21184
>>> a.find("secret",21185)
25280
>>> 25280-21184
4096
>>> a.find("secret",25281)
37568
>>> 37568-25280
12288
>>> 12288/4096.0
3.0
msg217050 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2014-04-23 02:37
The C version reuses buffers, so the content leak is less probable. Could you possibly change the buffer for a malloc/free pair and try again?.
msg217101 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2014-04-23 23:32
I could be wrong, but I think this is an Oracle Berkeley DB bug. I contacted Oracle yesterday about this. Stand by.
msg275221 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-08 23:56
No activity in two years. I'm closing this ticket. Please reopen it if we still need to address the issue in 2.7. 3.4+ doesn't have bsddb.
History
Date User Action Args
2022-04-11 14:58:02adminsetgithub: 65523
2016-09-08 23:56:49christian.heimessetstatus: open -> closed

nosy: + christian.heimes
messages: + msg275221

resolution: out of date
2014-04-23 23:33:33jceasettitle: dbhash leaks random memory fragments to a database -> dbhash/bsddb leaks random memory fragments to a database
2014-04-23 23:32:59jceasetmessages: + msg217101
2014-04-23 02:37:01jceasetmessages: + msg217050
2014-04-23 02:34:08jceasetmessages: + msg217049
2014-04-23 01:28:46jceasetmessages: + msg217047
2014-04-23 01:24:40jceasetmessages: + msg217046
2014-04-23 01:12:22jceasetnosy: + jcea
2014-04-21 20:03:28jwilksetnosy: + jwilk
2014-04-21 19:54:44wodnycreate