[BUG] sang session id, if intentionally corrupted, leads to infinite recursion #112

@rtshkmr

replication steps:

  1. load page normally at /explore
  2. refresh and see no issues
  3. inspect to see stored session id (for sanghsession)
  4. replace the id to use an illegal char (non-hex), e.g. z can be used as the first char
  5. observe that the reinit of session is attempted infinitely and the VM's space will run out.

While this is a catastrophic bug, it can only happen now if a user manually modifies the id via devtools, so this bug is unlikely to present itself easily. Hence the lift and priority tags for this.

Labels

- lift.medium: expected lift for it is medium. e.g. some unknowns expected
- priority.low
- type.bug: Something isn't working
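
An added sketch of a client-side guard for the failure reported above; it is not code from this project. It assumes the session id is a hex string, and `SESSION_KEY`, `loadSession`, `connect` and the length bounds are hypothetical names and values. The stored id is validated as untrusted input, a rejected id is never retried as-is, and re-initialisation is a bounded loop instead of recursion.

```javascript
// Added example: all names and limits here are assumptions, not the project's own.
const SESSION_KEY = "sangh_session_id";   // hypothetical storage key
const HEX_ID = /^[0-9a-f]{8,64}$/i;       // assumed format: hex only, bounded length
const MAX_INIT_ATTEMPTS = 3;

// Default generator (browsers, recent Node): 16 random bytes rendered as hex.
function freshId() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// store: anything with get/set/delete (a Map here; a localStorage wrapper in a page).
// connect(id): hypothetical session-init call that throws when the id is rejected.
function loadSession(store, connect, newId = freshId) {
  const events = [];
  let id = store.get(SESSION_KEY);

  // 1. The stored value is user-controllable: validate it before any use.
  if (typeof id !== "string" || !HEX_ID.test(id)) {
    if (id !== undefined) events.push("discarded-invalid-id");
    store.delete(SESSION_KEY);
    id = newId();
  }

  // 2. Bounded loop, not recursion; every retry uses a newly minted id.
  for (let attempt = 1; attempt <= MAX_INIT_ATTEMPTS; attempt++) {
    try {
      connect(id);
      store.set(SESSION_KEY, id);
      return { ok: true, id, attempts: attempt, events };
    } catch (err) {
      events.push(`init-failed:${attempt}`);
      store.delete(SESSION_KEY);
      id = newId();
    }
  }

  // 3. Fail visibly instead of re-entering initialisation.
  return { ok: false, id: null, attempts: MAX_INIT_ATTEMPTS, events };
}
```

The same validation belongs on the server side as well, since whatever parses the id there receives the tampered value directly.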
