Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Critical - P2
Fix Version/s: 7.0.15, 5.0.30, 6.0.19, 8.0.2
Affects Version/s: None
Component/s: None
Labels:
- auto-reverted
- sp-bson

Assigned Teams:

Server Programmability
Backwards Compatibility:
Fully Compatible
Backport Requested:

v8.0, v7.0, v6.0, v5.0
Linked BF Score:
0

Currently there are places where we pass field names around using StringData, such as in the BSONObj::getField method, where there is a potential for the passed string to contain an embedded '\0' character. Inserting this in a BSON object would lead to structurally corrupt BSON data and undefined behavior.

While currently there are no known issues of this happening, it is a risk that can and should be mitigated by using a new type for strings that are valid for use as a field name.

is related to

SERVER-94955 Add more testing for $getField

In Code Review

related to

SERVER-95748 createRegex() in bsoncolumn_builder_fuzzer.cpp test code needs work

Open

Assignee:: Mathias Stearn

Reporter:: Geert Bosch

Participants:: Geert Bosch, Githook User, Mathias Stearn

Votes:: 0 Vote for this issue

Watchers:: 17 Start watching this issue

Created:: Sep 26 2024 02:43:23 PM UTC

Updated:: Oct 17 2024 09:02:54 PM UTC

Resolved:: Oct 17 2024 05:44:20 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates