Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-68836

Properly handle NaN and 0 in for LDAPTimeoutMS

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 4.4.19, 5.0.15, 6.0.5
    • None
    • None
    • None
    • Fully Compatible
    • ALL
    • v6.0, v5.0, v4.4, v4.2
    • Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14
    • 138

    Description

      When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library. 

      We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer. 

      Attachments

        Activity

          People

            varun.ravichandran@mongodb.com Varun Ravichandran
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: