  1. Core Server
  2. SERVER-68836

Properly handle NaN and 0 for LDAPTimeoutMS

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.4.19, 5.0.15, 6.0.5
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible
    • ALL
    • v6.0, v5.0, v4.4, v4.2
    • Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14
    • 138

      When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library. 

      We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer. 

            varun.ravichandran@mongodb.com Varun Ravichandran
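The check proposed in the description, sketched as an added example that is not MongoDB's code: a double-valued setting is tested for NaN/infinity and for range before it is narrowed to int, so the result no longer depends on how the CPU converts NaN. The names coerceTimeoutMs, TimeoutStatus and minAllowed are hypothetical, and the lower bound is a parameter because the page only states that values below 0 are rejected.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical names throughout; this is an illustration, not the server's code.
enum class TimeoutStatus { kOk, kNotFinite, kOutOfRange };

// Validate a double-valued setting before narrowing it to int.
// minAllowed is an assumption: the caller decides whether 0 itself is acceptable.
// *out is written only when the value is accepted.
TimeoutStatus coerceTimeoutMs(double value, int minAllowed, int* out) {
    // NaN and +/-infinity have no integer equivalent, and casting them to int
    // is undefined behaviour, so reject them before any conversion.
    if (!std::isfinite(value)) {
        return TimeoutStatus::kNotFinite;
    }
    // A 32-bit int is exactly representable as a double, so these bounds are exact.
    const double lo = static_cast<double>(minAllowed);
    const double hi = static_cast<double>(std::numeric_limits<int>::max());
    if (value < lo || value > hi) {
        return TimeoutStatus::kOutOfRange;
    }
    // Finite and in range: truncation toward zero is now well defined.
    *out = static_cast<int>(value);
    return TimeoutStatus::kOk;
}

int main() {
    // Constructed sample inputs: NaN, zero, negative, typical, too large.
    const double samples[] = {std::nan(""), 0.0, -1.0, 10000.0, 1e12};
    for (double v : samples) {
        int ms = -1;  // sentinel showing that rejected values never reach *out
        TimeoutStatus s = coerceTimeoutMs(v, 0, &ms);
        std::printf("%g -> status=%d ms=%d\n", v, static_cast<int>(s), ms);
    }
    return 0;
}
```

With this ordering, NaN is rejected identically on x86 and ARM because the cast is never reached for it.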