cool.. thank you :)

On 2007-09-10, at 1:17 AM, John Leach wrote:
> Hi ferreteers,
>
> I came across a segfault in the query parser. It had already been
> reported[1] and fixed[2], but it can lead to a denial of service.
>
> If you use Ferret anywhere that you allow users to execute queries,
> those users can crash your Ruby process with a specially crafted
> query.
>
> I'm sure you're all using Monit or something for your Rails or drb
> processes, so they'll get restarted, but it's still not good.
>
> This was quite serious for a number of my sites (not to mention
> slowing development of a current app) so I applied the fix to the
> released 0.11.4 source and repackaged it as 0.11.4.1.
>
> Obviously this isn't in any way official, but it works for me and I'm
> sharing here for anyone else affected. Gem, tgz and zip here:
>
> http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4.1/
>
> and just the patch (derived from Dave's changeset to trunk) here:
>
> http://johnleach.co.uk/downloads/ruby/ferret/ferret-0.11.4-fix-multiterm-segfault.patch
>
> The patch is against the release source, as the subversion repository
> seems to be down atm.
>
> John.
>
> [1] http://ferret.davebalmain.com/trac/ticket/208
> [2] http://ferret.davebalmain.com/trac/changeset/773
>
> --
> high-profile mailing list advertising space exploitation:
> http://www.brightbox.co.uk - UK Rails Xen Hosting
>
> _______________________________________________
> Ferret-talk mailing list
> [email protected]
> http://rubyforge.org/mailman/listinfo/ferret-talk
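Until a patched gem is installed, the practical defence against the scenario John describes (a user-supplied query crashing the whole Ruby process) is to keep the parse and search out of the server process. The following is an added example, not code from John's 0.11.4.1 package or from Ferret: it forks a worker for each untrusted query, ships the result back over a pipe, and turns a signalled child (a segfault, here simulated with a self-inflicted SIGKILL) into an ordinary exception. The block passed to `run_isolated` is a stand-in for whatever calls Ferret's query parser and searcher; the sample results are constructed.

```ruby
require 'timeout'

# Raised when the isolated query worker crashes, fails or times out.
class IsolatedQueryError < StandardError; end

# Run +block+ in a forked child process and return its result.
#
# The block stands in for the call that hands a user-supplied query
# string to Ferret (parser + search). If the native parser segfaults,
# only the child dies: the parent sees a signalled exit status and
# raises IsolatedQueryError instead of disappearing itself.
# The block's result must be Marshal-able (e.g. an array of doc ids).
def run_isolated(timeout: 5, &block)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      writer.write(Marshal.dump([:ok, block.call]))
    rescue StandardError => e
      writer.write(Marshal.dump([:error, "#{e.class}: #{e.message}"]))
    ensure
      writer.close
    end
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close

  data = ''
  begin
    Timeout.timeout(timeout) do
      data = reader.read # EOF arrives when the child exits or dies
      Process.wait(pid)
    end
  rescue Timeout::Error
    Process.kill('KILL', pid) rescue nil
    Process.wait(pid) rescue nil
    raise IsolatedQueryError, "query worker exceeded #{timeout}s"
  ensure
    reader.close
  end

  status = $?
  if status.signaled?
    raise IsolatedQueryError, "query worker died with signal #{status.termsig}"
  end
  unless status.success?
    raise IsolatedQueryError, "query worker exited with status #{status.exitstatus}"
  end
  raise IsolatedQueryError, 'query worker returned no result' if data.empty?

  tag, payload = Marshal.load(data)
  raise IsolatedQueryError, "query failed: #{payload}" if tag == :error
  payload
end

if $PROGRAM_NAME == __FILE__
  # Constructed stand-in for a successful search returning matching ids.
  puts run_isolated { [1, 2, 3] }.inspect
  begin
    # Simulate the native parser taking the worker down abruptly.
    run_isolated { Process.kill('KILL', Process.pid) }
  rescue IsolatedQueryError => e
    puts "search rejected: #{e.message}"
  end
end
```

The cost is a fork per query, which is acceptable for a stopgap on a low-traffic search endpoint but not a long-term substitute for applying the fix; it also does nothing about a query that merely takes a long time, which is why the worker is killed after `timeout` seconds as well.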

