[SERVER-68836] Properly handle NaN and 0 in for LDAPTimeoutMS - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.4.19, 5.0.15, 6.0.5
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v6.0, v5.0, v4.4, v4.2
Sprint:
Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14
Linked BF Score:
138

Description

When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library.

We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer.

Attachments

Issue Links

is related to

SERVER-68309 Investigate for unsafe narrowing conversions

Closed

Activity

People

Assignee:: Varun Ravichandran

Reporter:: Varun Ravichandran

Participants:: Githook User, Varun Ravichandran

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Aug 15 2022 03:52:32 PM UTC

Updated:: Feb 14 2023 05:00:45 AM UTC

Resolved:: Nov 12 2022 12:15:53 AM UTC