memcache icon indicating copy to clipboard operation
memcache copied to clipboard
verified publisher icon electrode-io

Memcache-Client Accepts Non-Compliant Keys

Open animecyc opened this issue 7 years ago • 0 comments

The memcache-client will accept keys that would cause the send to fail, you wont see this with the value as the data is packed. According to the ASCII protocol keys should be encoded, see: https://github.com/memcached/memcached/blob/ca66b826f25e1db83d191780e0bcac4a070c6911/doc/protocol.txt#L595-L598

The value of keys (and potentially other things) are "URI encoded". Since most keys used conform to standard ASCII, this should have no effect. For keys with less standard or binary characters, "%NN"'s are inserted to represent the byte, ie: "n%2Cfoo" for "n,foo".

One thing to note is that when a bad key is sent across the wire it puts the client in a bad state. The dequeued command fails, i'm not sure why. Subsequent commands will also fail.

I'm not sure key encoding should be an application concern, however, it seems like an oversight given you're able to easily break the existing delegate methods like set and get and put the client in a non-working state. Let me know if you need more info.

Reproduction

// Won't Work
someClient.set("my bad key", "my goo value")

// Work
someClient.set(encodeURIComponent(badKeyVal), value, (err, res) => console.log(res));

animecyc avatar Feb 10 '18 03:02 animecyc