Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14190

mongorestore parseMetadataFile passes non-null terminated string to 'fromjson'

    XMLWordPrintableJSON

Details

    • Fully Compatible
    • ALL
    • Hide

      Run

      ASAN_SYMBOLIZER_PATH=<path-to-llvm-symbolizer> buildscripts/smoke.py jstests/multiVersion/dumprestore_24.js

      against a mongod built with --sanitize=address.

      Show
      Run ASAN_SYMBOLIZER_PATH=<path-to-llvm-symbolizer> buildscripts/smoke.py jstests/multiVersion/dumprestore_24.js against a mongod built with --sanitize=address.
    • Server 2.7.3

    Description

      https://github.com/mongodb/mongo/blob/master/src/mongo/tools/restore.cpp#L735 reads data from a file, then passes the beginning of that data to 'mongo::fromjson'. However, it does not ensure that there is a terminating NULL character at the end of the buffer.

      Found with address sanitizer.

      Attachments

        Activity

          People

            matt.kangas Matt Kangas
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: