Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10896

Enforce prohibition of embedded NULLs in role names.

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 3.3.9
    • 2.5.2
    • Security
    • None
    • Minor Change
    • Security 16 (06/24/16)

    Description

      Expected behavior:

      > db.runCommand({createRole: "foo\0er", roles: [], privileges: []})
      { "ok" : 0, ... }

      Actual behavior:

      > db.runCommand({createRole: "foo\0er", roles: [], privileges: []})
      { "ok" : 1 }
      > db.getSiblingDB("admin").system.roles.find()
      { "_id" : "test.foo\u0000er", "name" : "foo\u0000er", "source" : "test", "privileges" : [ ], "roles" : [ ] }

      Attachments

        Activity

          People

            haikinh.hoang@mongodb.com Kinh Hoang
            schwerin@mongodb.com Andy Schwerin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: