Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-41264

Mongocryptd is willing to mark single-valued types for encryption

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.1.12
    • Affects Version/s: 4.1.11
    • Component/s: Querying
    • None
    • Fully Compatible
    • ALL
    • Query 2019-06-03
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      As an example:

      MongoDB Enterprise > db.runCommand({insert: "c", documents: [{foo: null}], jsonSchema: {type: "object", properties: {foo: {encrypt: {algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Random", keyId: [UUID()]}}}}})
{
    "hasEncryptionPlaceholders" : true,
    "schemaRequiresEncryption" : true,
    "result" : {
        "insert" : "c",
        "documents" : [
            {
                "foo" : BinData(6,"ACgAAAAQYQACAAAABWtpABAAAAAEZmnmqwnBSdWUoZ2vHYphTwp2AAA=")
            }
        ],
        "lsid" : {
            "id" : UUID("b9389483-7de4-44b8-a832-e4e264e5c1bc")
        }
    },
    "ok" : 1
}

      This should be illegal, since the client-side encryption system should not permit either random or deterministic encryption of null, undefined, minKey, and maxKey per SERVER-40516.

      The flaw is that we make these checks when analyzing the JSON schema, but not when we're actually producing intent-to-encrypt markings. The same validity checks need to be made in both places.

            Assignee:
            david.storch@mongodb.com David Storch
            Reporter:
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: