Commit 70dc6bf
fix(spanner): catch recursion and decode errors in proto parsing to p… (#16561)
This PR fixes a Persistent Stored Denial of Service (DoS) vulnerability
in the google-cloud-spanner Python SDK (Issue 479858035).
**The Problem**
When the SDK attempts to deserialize a Protobuf-encoded row (via
_parse_proto() in _helpers.py) that contains a maliciously crafted
"recursion bomb" (e.g., a ListValue nested 1,000+ times), it triggers a
DecodeError or RecursionError. This unhandled exception crashes the
consumer thread and blocks the entire result set stream ("pipeline
blackhole").
**The Solution**
We modify _parse_proto to wrap the ParseFromString() call in a defensive
try...except block:
- Catch RecursionError (triggered if Python hits its stack limit first in
  pure Python implementations).
- Catch google.protobuf.message.DecodeError (triggered by the C++
  extension's internal limits).

If an error is caught: A warning is logged. The original raw bytes_value
is returned as a fallback (consistent with existing behavior when no
prototype is found). This allows the stream iterator to continue
processing subsequent rows.

1 parent c5728b2 commit 70dc6bf
2 files changed: 64 additions & 5 deletions in total (11 additions & 5 deletions in one file, 53 additions & 0 deletions in the other)
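The defensive pattern the commit message describes, as an added example that is not the SDK's code and not protobuf's: a minimal pure-Python decoder for a ListValue-like message (field 1, length-delimited, repeated) stands in for ParseFromString(), `nested_list_value` constructs the recursion bomb, and `parse_proto_defensively` mirrors the fix (catch RecursionError and DecodeError, log a warning, return the raw bytes). Every name here is an assumption for illustration; the example uses google.protobuf's DecodeError when protobuf is installed and otherwise a stand-in class of the same name, and the sample row stream is constructed inline.

```python
import logging
import sys

log = logging.getLogger(__name__)

try:
    # Real exception class when protobuf is installed ...
    from google.protobuf.message import DecodeError
except ImportError:
    # ... otherwise a stand-in with the same name (assumption for this example).
    class DecodeError(Exception):
        pass

# Deep enough that a recursive pure-Python decoder cannot finish it.
BOMB_DEPTH = sys.getrecursionlimit() * 2


def _varint(n: int) -> bytes:
    """Encode a non-negative int as a protobuf base-128 varint."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def _read_varint(buf: bytes, pos: int) -> tuple:
    """Decode a varint at buf[pos]; DecodeError on truncated or overlong input."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise DecodeError("truncated varint")
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise DecodeError("varint longer than 10 bytes")


def nested_list_value(depth: int) -> bytes:
    """Constructed input: a ListValue-like message nested `depth` times.

    Each level is tag 0x0A (field 1, wire type 2 = length-delimited), a varint
    length, then the inner message; depth 0 is the empty message. Sizes are
    computed first so the bomb is built in linear time.
    """
    sizes = [0]  # sizes[k] = encoded size of a k-deep message
    for k in range(depth):
        sizes.append(1 + len(_varint(sizes[k])) + sizes[k])
    out = bytearray()
    for k in range(depth, 0, -1):  # outermost header first
        out += b"\x0a" + _varint(sizes[k - 1])
    return bytes(out)


def parse_list_value(buf: bytes) -> list:
    """Stand-in for ParseFromString(): recursive pure-Python decoder.

    One Python frame per nesting level, so a bomb deeper than the interpreter's
    recursion limit raises RecursionError instead of returning.
    """
    values, pos = [], 0
    while pos < len(buf):
        tag, pos = _read_varint(buf, pos)
        field, wire_type = tag >> 3, tag & 0x07
        if field != 1 or wire_type != 2:
            raise DecodeError(f"unexpected tag {tag} at offset {pos}")
        length, pos = _read_varint(buf, pos)
        end = pos + length
        if end > len(buf):
            raise DecodeError("length-delimited field runs past end of buffer")
        values.append(parse_list_value(buf[pos:end]))
        pos = end
    return values


def parse_proto_defensively(bytes_value: bytes, column: str = "column"):
    """Mirror of the fix: catch both failure modes, warn, and return the raw
    bytes so the result-set iterator can move on to the next row."""
    try:
        return parse_list_value(bytes_value)
    except (RecursionError, DecodeError) as exc:
        log.warning("Could not decode proto value in %s (%s); returning raw bytes",
                    column, type(exc).__name__)
        return bytes_value


def decode_rows(rows):
    """Consumer loop: with the fallback in place one poisoned row no longer
    stops the rows after it from being decoded."""
    return [parse_proto_defensively(row, column=f"row{i}") for i, row in enumerate(rows)]


# Constructed sample stream: a benign row, a recursion bomb, a benign row.
SAMPLE_ROWS = [
    nested_list_value(1),           # ListValue{values:[ListValue{}]} -> [[]]
    nested_list_value(BOMB_DEPTH),  # recursion bomb: falls back to raw bytes
    b"\x0a\x00\x0a\x00",            # two empty nested values -> [[], []]
]
```

Two things a practitioner should keep in mind when relying on this fallback, both following from the commit message itself: the caller of the stream now receives `bytes` instead of a decoded message for the poisoned row, so code that assumes every value in that column is a message must be prepared for the raw type; and the logged warning is the only signal that a decode failure occurred, so it is worth alerting on in environments where such rows would be unexpected.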