Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1876

libbson doesn't validate length inside binary subtype 0x02

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Minor - P4 Minor - P4
    • 1.6.0
    • Affects Version/s: None
    • Component/s: libbson
    • Labels:
      None

      Deprecated subtype 0x02 includes a redundant length inside the binary payload. libbson doesn't validate this length and just skips over it.

      _bson_iter_next_internal does validate that subtype 0x02 has at least 4 bytes for the inner length. It should validate that the inner length is consistent with the binary envelope as well.

            Assignee:
            backlog-c-driver [DO NOT USE] Backlog - C Driver Team
            Reporter:
            david.golden@mongodb.com David Golden
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: