An infinite loop in ViewsJoin could cause denial of service

Created on 5 December 2017, almost 7 years ago
Updated 29 December 2023, 10 months ago

Problem/Motivation

In Views on D7 there's code in views_many_to_one_helper as follows:

    while ($r_join->left_table != $base_table) {
      $r_join = views_get_table_join($r_join->left_table, $base_table);
    }

Problems can arise if $r_join is invalid for some reason, e.g. a table becomes invalid or the join definition is incorrect.

In D7 the solution was to just add a check that $r_join was valid.

In D9 this code was moved to ManyToOneHelper.

Steps to reproduce

Add a missing table to your Views data and try to add a relationship to that table
The new test coverage shows it best.

Proposed resolution

For D9 we want to make sure we are not just masking the problem, but if you end up in this situation, that means your Views data is corrupt. At that point we need to fail hard to make sure the problem gets fixed.
Throw an exception when severely broken Views data is encountered.

Remaining tasks

Review

User interface changes

None

API changes

None

Data model changes

We throw an exception when severely broken Views data is encountered instead of looping endlessly

Release notes snippet

No needed

πŸ› Bug report
Status

Needs work

Version

11.0 πŸ”₯

Component
ViewsΒ  β†’

Last updated about 8 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States DamienMcKenna NH, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • @lendude opened merge request.
  • Status changed to Needs review 11 months ago
  • πŸ‡³πŸ‡±Netherlands Lendude Amsterdam

    Moved to MR and rerolled

  • Status changed to Needs work 11 months ago
  • πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Hiding patches for clarity.

    Started the issue summary update but not as familiar with the issue so left TBD in sections that I couldn't answer. Is the proposed solution correct? Steps to reproduce?

  • Status changed to Needs review 11 months ago
  • πŸ‡³πŸ‡±Netherlands Lendude Amsterdam

    Updated the IS

  • Status changed to RTBC 11 months ago
  • πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thanks. Not sure because this is testing an infinite loop but when I tried to run the test-only feature it got hung up but did see an "E" in the output to show the failure.

    So clearly test coverage is there haha.

    Looking at the code change seems to appropriately catch the issue and throws the new exception.

    Marking it but do new exceptions need a CR?

  • Status changed to Needs work 11 months ago
  • πŸ‡¬πŸ‡§United Kingdom alexpott πŸ‡ͺπŸ‡ΊπŸŒ

    I've added some comments to the MR.

  • Status changed to Needs review 11 months ago
  • πŸ‡³πŸ‡±Netherlands Lendude Amsterdam

    Addressed feedback. Not sure if the minor scope creep for php-stan is better than updating the base line and fixing it later, but it seems pretty minor so went for the fix

  • Status changed to RTBC 11 months ago
  • πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Feedback around the return null appears to have been addressed.

  • Status changed to Needs work 10 months ago
  • πŸ‡³πŸ‡ΏNew Zealand quietone

    I'm triaging RTBC issues β†’ . I read the IS and the comments and the MR. I didn't find any unanswered questions or other work to do.

    However, I left one small suggestion for a comment in the MR. So setting back to NW for someone to check that suggestion.

Production build 0.71.5 2024