Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-7505

RamLog can read past end of buffer

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • 2.0.7, 2.2.0
    • Logging
    • None
    • ALL

    Description

      When a log line is longer than 255 characters, RamLog::write() does a memcpy() from a string::c_str() without null-terminating the string buffer. I don't see any protection in the get functions (unless I'm missing something?), so we may get bad/bogus data (or even segv) when requesting the RamLog's contents.

      https://github.com/mongodb/mongo/blob/master/src/mongo/util/ramlog.cpp#L51

      Attachments

        Activity

          People

            Unassigned Unassigned
            benjamin.becker Ben Becker
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: