Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-68836

Properly handle NaN and 0 in for LDAPTimeoutMS

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 5.0.15, 6.2.0-rc0, 6.0.5
    • None
    • None
    • Fully Compatible
    • ALL
    • v6.0, v5.0, v4.4, v4.2
    • Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14
    • 138

    Description

      When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library. 

      We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer. 

      Attachments

        Issue Links

          Activity

            People

              varun.ravichandran@mongodb.com Varun Ravichandran
              varun.ravichandran@mongodb.com Varun Ravichandran
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: