bson_validate accepts data rejected by bson_iter_visit_all

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Gone away
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed
    • None
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      Summary

      bson_validate uses bson_iter_visit_all to visit elements in the document. bson_iter_visit_all performs its own validation on document elements before passing them to the visitor. Invalid data caught by bson_iter_visit_all is never given to the validation visitor, and bson_validate does not handle the error indicated by bson_iter_visit_all.

      Environment

      Present in libbson r1.22

      How to Reproduce

      The following byte sequence will be accepted by bson_validate, but is invalid and generates an error in bson_iter_visit_all:

       

      12 00 00 00 02 61 00 06 00 00 00 61 61 FF 61 61 00 00

      (The FF byte is an not a valid UTF-8 code unit)

      Additional Background

      There are no test cases for bson_validate that handle invalid UTF-8 strings. It is possible there are other missing cases as well.

            Assignee:
            Colby Pike
            Reporter:
            Colby Pike
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: