
Usernames can contain NULL characters


      > db.createUser( {user: "user\0\0\0\0", pwd: "test", roles: []} )
      2015-09-10T16:25:11.720-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "user", pwd: "xxx", roles: [], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 160ms
      Successfully added user: { "user" : "user\u0000\u0000\u0000\u0000", "roles" : [ ] }
      > use admin
      switched to db admin
      > db.system.users.find()
      { "_id" : "test.user\u0000\u0000\u0000\u0000", "user" : "user\u0000\u0000\u0000\u0000", "db" : "test", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "KiCV1E3AlJr2QSI7K/DAiw==", "storedKey" : "DGWmOyzDcwVKWHVzhs9VFIH01xQ=", "serverKey" : "ZpyGGNlRUUCgmtXz3Y3oWIJg8Jw=" } }, "roles" : [ ] }
      > use test
      switched to db test
      > db.auth("user\0\0\0\0", "test")
      2015-09-10T16:26:13.987-0400 I ACCESS [conn1] SCRAM-SHA-1 authentication failed for on test from client 127.0.0.1 ; BadValue Incorrect number of arguments for first SCRAM-SHA-1 client message, got 2 expected 4
      Error: Authentication failed.
      0

    • Security E (01/01/16), Security F (01/29/16)

      It is possible to create usernames which contain NULL characters. It is not possible to log in to these accounts. It seems like if we wanted we could accept these characters. However https://tools.ietf.org/html/rfc5802 defines `value-safe-char`, which is used in the username and authzid, as:

         value-safe-char = %x01-2B / %x2D-3C / %x3E-7F /
                           UTF8-2 / UTF8-3 / UTF8-4
                           ;; UTF8-char except NUL, "=", and ",".

      There seem to be no provisions for encoding NULL characters.

      The authenticate command seems to have an unrelated bug that manifests itself in the same way.

      It seems likely that we do not want to be able to store usernames containing this character.
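      The grammar quoted above, as an added illustration that is not MongoDB's code: a small Python validator for the RFC 5802 `saslname` production (value-safe-char plus the `=2C` / `=3D` escapes), an encoder that refuses NUL because the RFC gives it no escape, and a parser for the four-field client-first-message. The helper names and the strict-rejection policy are assumptions of this example, not the server's implementation.

```python
import re

# RFC 5802: value-safe-char is any UTF-8 character except NUL, "=" and ",";
# saslname = 1*(value-safe-char / "=2C" / "=3D").
_SASLNAME = re.compile(r'(?:[^\x00=,]|=2C|=3D)+')


def is_saslname(s: str) -> bool:
    """True if s matches the saslname production of RFC 5802."""
    return bool(_SASLNAME.fullmatch(s))


def encode_saslname(name: str) -> str:
    """Prepare a username for the n= attribute: "=" -> "=3D", "," -> "=2C".
    NUL has no escape in the RFC, so it is rejected up front (assumed policy)
    instead of being stored and producing an account that cannot log in."""
    if not name:
        raise ValueError("empty username")
    if "\x00" in name:
        raise ValueError("username contains NUL; RFC 5802 cannot encode it")
    return name.replace("=", "=3D").replace(",", "=2C")


def decode_saslname(s: str) -> str:
    """Reverse encode_saslname after checking the value is a valid saslname."""
    if not is_saslname(s):
        raise ValueError("n= value is not a valid saslname")
    return s.replace("=2C", ",").replace("=3D", "=")


def parse_client_first(msg: str) -> dict:
    """Parse a client-first-message without extensions:
    gs2-cbind-flag "," [authzid] "," "n=" saslname "," "r=" nonce
    i.e. exactly four comma-separated fields."""
    fields = msg.split(",")
    if len(fields) != 4:
        raise ValueError(f"got {len(fields)} fields, expected 4")
    flag, authzid, user, nonce = fields
    if flag not in ("n", "y") and not flag.startswith("p="):
        raise ValueError("bad gs2-cbind-flag")
    if not user.startswith("n=") or not nonce.startswith("r="):
        raise ValueError("expected n= and r= attributes")
    return {"cbind": flag, "authzid": authzid or None,
            "user": decode_saslname(user[2:]), "nonce": nonce[2:]}
```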

            Assignee: Rahul Dhodapkar (rahul.dhodapkar)
            Reporter: Spencer Jackson (spencer.jackson@mongodb.com)
            Votes: 0
            Watchers: 9