Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-26148

Commands should convert integers from user input safely

    XMLWordPrintable

Details

    • Bug
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • 3.3.12
    • None
    • Stability
    • ALL

    Description

      Currently, almost all commands use BSONElement::numberLong or BSONElement::numberInt to parse user input for fields that expect a number. This results in undefined behavior when the input is outside the range of a valid integer type.

      User-facing commands should use BSONElement::safeNumberLong instead. See the geoNear command as an example.

      Attachments

        Issue Links

          Activity

            People

              backlog-query-optimization Backlog - Query Optimization
              robert.guo@mongodb.com Robert Guo
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: