Skip to content

Fix #2601 misuses of LMDB API #2602

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 9, 2022
Merged

Conversation

hyc
Copy link
Contributor

@hyc hyc commented Aug 9, 2021

Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes

Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes
@martinhsv
Copy link
Contributor

Hello @hyc ,

I finally had a chance to look at this in detail and one thing I wondered about:

There is a new member variable 'MDB_dbi m_dbi;' in the LMDB class -- which makes sense.

MDB_dbi is typedef'd to 'unsigned int', which means m_dbi is undefined initially.

The LMDB constructor will initialize it with a successful call to mdb_dbi_open.

But what if it fails? The return code from mdb_dbi_open isn't checked and we proceed as if it had been successful.

I had a look at both the LMDB documentation and (a brief) skim of the code and it doesn't look like a failure condition within mdb_dbi_open will result in the MDB_dbi out-parameter being updated to a special value or anything (that might have been checked for in subsequent calls to other functions).

Thoughts?

@hyc
Copy link
Contributor Author

hyc commented Jan 27, 2022

The default dbi, which is what your code uses, always exists and is always valid, so the mdb_dbi_open call will never fail.

@martinhsv martinhsv merged commit d0813fe into owasp-modsecurity:v3/master Feb 9, 2022
martinhsv added a commit that referenced this pull request Feb 9, 2022
vladbukin pushed a commit to vladbukin/ModSecurity that referenced this pull request Apr 12, 2022
daixiang0 pushed a commit to daixiang0/ModSecurity that referenced this pull request Apr 24, 2022
leyao-daily pushed a commit to leyao-daily/ModSecurity that referenced this pull request Jul 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants