mongorestore parseMetadataFile passes non-null terminated string to 'fromjson'


    • Fully Compatible
    • ALL
    • Run

      ASAN_SYMBOLIZER_PATH=<path-to-llvm-symbolizer> buildscripts/smoke.py jstests/multiVersion/dumprestore_24.js

      against a mongod built with --sanitize=address.
    • Server 2.7.3
    • 3

      https://github.com/mongodb/mongo/blob/master/src/mongo/tools/restore.cpp#L735 reads data from a file, then passes the beginning of that data to 'mongo::fromjson'. However, it does not ensure that there is a terminating NULL character at the end of the buffer.

      Found with address sanitizer.

            Assignee:
            Matt Kangas (Inactive)
            Reporter:
            Andrew Morrow (Inactive)
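The class of defect described in this issue, as an added example that is not MongoDB's code or its fix: file contents are read into a buffer that always carries a terminating '\0' before being handed to a parser with a `const char*` interface. `parseCString` is a hypothetical stand-in for such a parser; `readTerminated`, `parseMetadataSafely`, `writeSample` and the sample file name are likewise assumptions, and the embedded-'\0' check goes one step beyond what the issue reports.

```cpp
#include <cstddef>
#include <cstring>
#include <fstream>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a parser with a const char* interface:
// it scans until '\0' and returns the number of bytes it consumed.
std::size_t parseCString(const char* s) { return std::strlen(s); }

// Read a whole file into `out`, always leaving a terminating '\0' after the
// file contents so the buffer can be handed to a C-string parser.
bool readTerminated(const std::string& path, std::vector<char>& out) {
    std::ifstream in(path, std::ios::binary | std::ios::ate);
    if (!in) return false;
    const std::streamoff size = in.tellg();
    if (size < 0) return false;
    const std::size_t n = static_cast<std::size_t>(size);
    out.assign(n + 1, '\0');  // one extra byte holds the terminator
    in.seekg(0);
    if (n > 0 && !in.read(out.data(), static_cast<std::streamsize>(n))) return false;
    return true;
}

// Parse a metadata file; report failure if the parser stopped before the end
// of the data (an embedded '\0') rather than accepting a truncated document.
bool parseMetadataSafely(const std::string& path, std::size_t& consumed) {
    std::vector<char> buf;
    if (!readTerminated(path, buf)) return false;
    consumed = parseCString(buf.data());
    return consumed == buf.size() - 1;
}

// Write a constructed sample file (no trailing '\0', as on disk).
bool writeSample(const std::string& path, const std::string& bytes) {
    std::ofstream f(path, std::ios::binary | std::ios::trunc);
    f.write(bytes.data(), static_cast<std::streamsize>(bytes.size()));
    f.close();
    return !f.fail();
}

int main() {
    const std::string doc = "{\"options\":{\"capped\":true}}";  // constructed sample
    std::size_t used = 0;
    writeSample("metadata_sample.json", doc);
    std::cout << parseMetadataSafely("metadata_sample.json", used) << " " << used << "\n";
    return 0;
}
```

Passing a raw read buffer of exactly the file's size to `parseCString` instead would make the scan run past the allocation, which is the kind of out-of-bounds read AddressSanitizer reports.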