mongorestore parseMetadataFile passes non-null terminated string to 'fromjson'


    • Fully Compatible
    • ALL
    • Run ASAN_SYMBOLIZER_PATH=<path-to-llvm-symbolizer> buildscripts/smoke.py jstests/multiVersion/dumprestore_24.js against a mongod built with --sanitize=address.
    • Server 2.7.3
    • 3

      https://github.com/mongodb/mongo/blob/master/src/mongo/tools/restore.cpp#L735 reads data from a file, then passes the beginning of that data to 'mongo::fromjson'. However, it does not ensure that there is a terminating NULL character at the end of the buffer.

      Found with address sanitizer.

      Assignee: Matt Kangas (Inactive)
      Reporter: Andrew Morrow (Inactive)
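The pattern the report describes, next to a terminated load and a call-site guard, as an added example that is not code from restore.cpp or the MongoDB project. parse_cstring is a hypothetical stand-in for a parser with a C-string interface, and the metadata string is constructed sample input.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <istream>
#include <iterator>
#include <sstream>
#include <vector>

// Hypothetical stand-in for a parser with a C-string interface: it keeps
// reading until it meets '\0', so the caller must guarantee one exists.
std::size_t parse_cstring(const char* s) { return std::strlen(s); }

// Pattern from the report: the buffer holds exactly the file's bytes.
// Passing data() of this buffer to parse_cstring() reads out of bounds.
std::vector<char> load_unterminated(std::istream& in) {
    return std::vector<char>(std::istreambuf_iterator<char>(in),
                             std::istreambuf_iterator<char>());
}

// Hardened form: always append the terminator the parser depends on.
std::vector<char> load_terminated(std::istream& in) {
    std::vector<char> buf = load_unterminated(in);
    buf.push_back('\0');
    return buf;
}

// Guard for the call site: true only if a '\0' lies inside the buffer.
bool is_terminated(const std::vector<char>& buf) {
    return !buf.empty() &&
           std::memchr(buf.data(), '\0', buf.size()) != nullptr;
}

// Parse only when the guard holds; returns false instead of over-reading.
bool parse_checked(const std::vector<char>& buf, std::size_t* parsed) {
    if (!is_terminated(buf)) return false;
    *parsed = parse_cstring(buf.data());
    return true;
}

int main() {
    const char* sample = "{\"options\":{},\"indexes\":[]}";  // constructed input
    std::istringstream a(sample), b(sample);
    std::size_t n = 0;
    std::cout << "unterminated accepted: " << parse_checked(load_unterminated(a), &n) << "\n";
    std::cout << "terminated accepted:   " << parse_checked(load_terminated(b), &n)
              << " (" << n << " bytes)\n";
}
```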