Fix from_json_obj_validate crash when provided rev isn't a valid hex
authorEric Avdey <eiri@eiri.ca>
Fri, 1 Feb 2019 16:41:54 +0000 (12:41 -0400)
committerEric Avdey <eiri@eiri.ca>
Tue, 5 Feb 2019 01:55:25 +0000 (21:55 -0400)
src/couch/src/couch_doc.erl
src/couch/test/couch_doc_json_tests.erl

index e5ad9e9..2a2b4db 100644 (file)
@@ -275,9 +275,16 @@ transfer_fields([{<<"_revisions">>, {Props}} | Rest], Doc, DbName) ->
     true ->
         ok
     end,
-    [throw({doc_validation, "RevId isn't a string"}) ||
-            RevId <- RevIds, not is_binary(RevId)],
-    RevIds2 = [parse_revid(RevId) || RevId <- RevIds],
+    RevIds2 = lists:map(fun(RevId) ->
+        try
+            parse_revid(RevId)
+        catch
+            error:function_clause ->
+                throw({doc_validation, "RevId isn't a string"});
+            error:badarg ->
+                throw({doc_validation, "RevId isn't a valid hexadecimal"})
+        end
+    end, RevIds),
     transfer_fields(Rest, Doc#doc{revs={Start, RevIds2}}, DbName);
 
 transfer_fields([{<<"_deleted">>, B} | Rest], Doc, DbName) when is_boolean(B) ->
index 848bae8..51f2289 100644 (file)
@@ -270,6 +270,12 @@ from_json_error_cases() ->
             "Revision ids must be strings."
         },
         {
+            {[{<<"_revisions">>, {[{<<"start">>, 0},
+                {<<"ids">>, [<<"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">>]}]}}]},
+            {doc_validation, "RevId isn't a valid hexadecimal"},
+            "Revision ids must be a valid hex."
+        },
+        {
             {[{<<"_something">>, 5}]},
             {doc_validation, <<"Bad special document member: _something">>},
             "Underscore prefix fields are reserved."