Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27209

BSONObj::getStringField() does not handle embedded null bytes correctly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3.0
    • Component/s: None
    • Labels:
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Sprint:
      Execution Team 2021-11-29, Execution Team 2021-12-13, Execution Team 2021-12-27, Execution Team 2022-01-10, Execution Team 2022-01-24
    • Linked BF Score:
      135

      Description

      A BSONElement of type String has a pointer + length implementation and therefore may contain an embedded null byte. BSONObj::getStringField uses valuestr in its implementation, which can lead us to incorrectly interpret the string as null terminated.

        Attachments

          Activity

            People

            Assignee:
            matt.kneiser Matt Kneiser
            Reporter:
            marko.vojvodic Marko Vojvodic
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: