Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-29022

OpMsgRequest::getDatabase() should check type of _msg.body["$db"] before calling valueStringData()

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.5.7
    • Affects Version/s: None
    • Component/s: Networking
    • None
    • Fully Compatible
    • ALL
    • Hide 
      db.runCommand({$db: 127});
      Show
      db.runCommand({$db: 127});
    • Repl 2017-05-08
    • 0

      It is possible that the user's request specifies a type other than a string as the $db parameter, so checking the type is necessary to avoid performing an invalid memory access when using the returned StringData later on.

      class OpMsgRequest final : public rpc::RequestInterface {
public:
    explicit OpMsgRequest(OpMsg msg) : _msg(std::move(msg)) {}
    StringData getDatabase() const override {
        if (auto db = _msg.body["$db"]) {
            return db.valueStringData();
        }
        return "admin";
    }

            Assignee:
            mathias@mongodb.com Mathias Stearn
            Reporter:
            max.hirschhorn@mongodb.com Max Hirschhorn
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: