Core Server: SERVER-20358

Usernames can contain NULL characters


    Details

    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Backport Completed:
    • Steps To Reproduce:

      > db.createUser( {user: "user\0\0\0\0", pwd: "test", roles: []} )
      2015-09-10T16:25:11.720-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "user", pwd: "xxx", roles: [], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 160ms
      Successfully added user: { "user" : "user\u0000\u0000\u0000\u0000", "roles" : [ ] }
      > use admin
      switched to db admin
      > db.system.users.find()
      { "_id" : "test.user\u0000\u0000\u0000\u0000", "user" : "user\u0000\u0000\u0000\u0000", "db" : "test", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "KiCV1E3AlJr2QSI7K/DAiw==", "storedKey" : "DGWmOyzDcwVKWHVzhs9VFIH01xQ=", "serverKey" : "ZpyGGNlRUUCgmtXz3Y3oWIJg8Jw=" } }, "roles" : [ ] }
      > use test
      switched to db test
      > db.auth("user\0\0\0\0", "test")
      2015-09-10T16:26:13.987-0400 I ACCESS [conn1] SCRAM-SHA-1 authentication failed for on test from client 127.0.0.1 ; BadValue Incorrect number of arguments for first SCRAM-SHA-1 client message, got 2 expected 4
      Error: Authentication failed.
      0
    • Sprint:
      Security E (01/01/16), Security F (01/29/16)

      Description

      It is possible to create usernames which contain NULL characters. It is not possible to log in to these accounts. It seems like if we wanted we could accept these characters. However https://tools.ietf.org/html/rfc5802 defines `value-safe-char`, which is used in the username and authzid, as:

         value-safe-char = %x01-2B / %x2D-3C / %x3E-7F /
                           UTF8-2 / UTF8-3 / UTF8-4
                           ;; UTF8-char except NUL, "=", and ",".

      There seem to be no provisions for encoding NULL characters.

      The authenticate command seems to have an unrelated bug that manifests itself in the same way.

      It seems likely that we do not want to be able to store usernames containing this character.
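      The RFC 5802 grammar quoted above, turned into a pre-createUser username check plus a client-first message encoder and server-side parser, as an added example that is not MongoDB's code: it assumes a hypothetical application layer that calls usernameProblem() before db.createUser(), and the function names and sample inputs are made up.

```javascript
// RFC 5802: value-safe-char = %x01-2B / %x2D-3C / %x3E-7F / UTF8-2 / UTF8-3 / UTF8-4,
// i.e. any code point except NUL (0x00), "," (0x2C) and "=" (0x3D).
function isValueSafeChar(ch) {
  const cp = ch.codePointAt(0);
  return cp !== 0x00 && cp !== 0x2c && cp !== 0x3d;
}
// Pre-createUser check (hypothetical app-side helper): "," and "=" can be escaped in a
// saslname, anything else that is not value-safe (in practice NUL) cannot.
// Returns null when the name is usable, otherwise a reason string.
function usernameProblem(name) {
  for (const ch of name) {                        // iterates by code point
    if (!isValueSafeChar(ch) && ch !== ',' && ch !== '=') {
      return 'username contains U+' + ch.codePointAt(0).toString(16).padStart(4, '0');
    }
  }
  return null;
}
// saslname escaping: "=" first so the "=2C" produced for "," is not re-escaped.
function encodeSaslname(name) {
  const problem = usernameProblem(name);
  if (problem) throw new Error(problem);
  return name.replace(/=/g, '=3D').replace(/,/g, '=2C');
}
// Inverse of encodeSaslname; any other "=" sequence is a protocol error.
function decodeSaslname(encoded) {
  return encoded.replace(/=(..)?/g, (m, hex) => {
    if (hex === '2C') return ',';
    if (hex === '3D') return '=';
    throw new Error('malformed saslname escape: ' + m);
  });
}

// client-first-message (RFC 5802 section 7): gs2-header "n,," then "n=<name>,r=<nonce>".
function buildClientFirst(user, nonce) {
  return 'n,,n=' + encodeSaslname(user) + ',r=' + nonce;
}

// Server side: exactly four comma-separated fields, then decode and re-validate the name.
function parseClientFirst(msg) {
  const parts = msg.split(',');
  if (parts.length !== 4 || parts[0] !== 'n' || parts[1] !== '') {
    throw new Error('expected 4 fields in client-first message, got ' + parts.length);
  }
  if (!parts[2].startsWith('n=') || !parts[3].startsWith('r=')) {
    throw new Error('client-first message must carry n= and r=');
  }
  const user = decodeSaslname(parts[2].slice(2));
  const problem = usernameProblem(user);          // rejects a raw NUL that reached the server
  if (problem) throw new Error(problem);
  return { user, nonce: parts[3].slice(2) };
}
```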
