On Sep 20, 2009, at 4:48 PM, Chris Anderson wrote:
That's the sort of thing that'd get backported for 0.10.1 anyway, so I don't think it's a blocker. Also, probably a fairly easy patch. Chris
COUCHDB-345 seemed to get no attention in the last call for objections (other than the fix to a unit test that would break if a patch were applied).
I believe the problem addressed in the issue that makes every CouchDB installation that allows untrusted users to write to the database vulnerable. Also, as far as I know there is not a simple procedure to recover a CouchDB that has been wedged by a malicious or unintentional insert of a malencoded document.
No one has objected to the badenc1.patch, however I believe the performance cost could be reduced by first scanning the incoming byte array and only calling xmerl_ucs:from_utf8 on the portion beginning with the first byte value >= 0x80. I'm not confident in my Erlang skills yet to think that I know the optimal way of coding that. However, I think it would be better to get some fix in than wait for an optimal fix.
