Details
- Bug
- Resolution: Works as Designed
- Minor - P4
- None
- None
- None
- v4.0, v3.6, v3.4
- Security 2019-04-08
Description
With this configuration file:
    net:
      maxIncomingConnections: 5
      maxIncomingConnectionsOverride: ["11.11.11.11/1"]
the expected behavior is that only a client with an IP address of 11.11.11.11/1 should be able to override maxIncomingConnections. However, with the IP address set as such in the conf file, anyone can connect to the mongod instance after the maxIncomingConnection limit is reached. Furthermore, the number of available connections becomes negative. This was tested as follows in the mongo shell:
    > db.serverStatus().connections
    { "current" : 6, "available" : -1, "totalCreated" : 6 }
Changing the CIDR block address to a valid one, for example:
    net:
      maxIncomingConnections: 5
      maxIncomingConnectionsOverride: ["192.168.100.14/24"]
My mongod version is:
    mongod --version
    db version v4.0.6
    git version: caa42a1f75a56c7643d0b68d3880444375ec42e3
    allocator: system
    modules: none
    build environment:
        distarch: x86_64
        target_arch: x86_64
Issue Links
- clones
  - SERVER-40377 when maxIncomingConnectionsOverride contains invalid CIDR block, allows connections from any CIDR block (Closed)
- related to
  - SERVER-34986 CIDR Block That is Exempt from maxConns (Closed)
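Added example, not part of the original report or MongoDB's code: a Python audit of the two maxIncomingConnectionsOverride values quoted in the description, assuming standard CIDR prefix matching in which host bits are masked off. It shows which client addresses each entry exempts from the connection limit; the function names, the extra `10.0.0.5/32` entry and the /16 and /48 review thresholds are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the two override values quoted in the report plus one
# single-host entry added for contrast.
OVERRIDE_ENTRIES = ["11.11.11.11/1", "192.168.100.14/24", "10.0.0.5/32"]

# Assumed review thresholds (not MongoDB settings): flag any prefix shorter
# than /16 for IPv4 or /48 for IPv6 as too broad for a limit exemption.
MIN_PREFIX = {4: 16, 6: 48}


def audit_entry(entry):
    """Describe what one CIDR override entry covers under prefix matching."""
    # strict=False accepts entries with host bits set (11.11.11.11/1) and
    # masks them off, which is how a prefix match treats them.
    net = ipaddress.ip_network(entry, strict=False)
    written_ip = ipaddress.ip_interface(entry).ip
    return {
        "entry": entry,
        "network": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "addresses": net.num_addresses,
        "host_bits_set": written_ip != net.network_address,
        "too_broad": net.prefixlen < MIN_PREFIX[net.version],
    }


def is_exempt(client_ip, entries):
    """True if client_ip falls inside any override entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


if __name__ == "__main__":
    for e in OVERRIDE_ENTRIES:
        r = audit_entry(e)
        flags = [k for k in ("host_bits_set", "too_broad") if r[k]]
        print(f"{r['entry']:>20} -> {r['network']:<18} "
              f"{r['first']} .. {r['last']} ({r['addresses']} addresses) "
              f"{','.join(flags) or 'ok'}")
    # Constructed client addresses checked against the /1 entry alone.
    for ip in ("127.0.0.1", "100.64.0.1", "192.168.100.14"):
        print(ip, "exempt" if is_exempt(ip, ["11.11.11.11/1"]) else "limited")
```

Under that assumption a /1 prefix keeps only the first bit of the address, so every client from 0.0.0.0 through 127.255.255.255, including 127.0.0.1, is exempt from maxIncomingConnections.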