Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-97683

Server does not validate hostname for invalid UTF-8 characters

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: None
    • Networking & Observability
    • ALL
    • Hide 
      #include <unistd.h>

int main() {
  sethostname("hostnam\xff", 8);
}

      gcc -o test test.c
sudo ./test
npx mongodb-runner start -t standalone --version=8.0.x -- --port=27017
# alternative: download + start server manually
# observe failures:
mongosh localhost:27017/admin --eval 'db.aggregate([{ $currentOp: {} }])'
# or:
mongosh localhost:27017/admin --eval 'db.adminCommand({ hostInfo: 1 })'
      Show
      #include <unistd.h> int main() { sethostname( "hostnam\xff" , 8); } gcc -o test test.c sudo ./test npx mongodb-runner start -t standalone --version=8.0.x -- --port=27017 # alternative: download + start server manually # observe failures: mongosh localhost:27017/admin --eval 'db.aggregate([{ $currentOp: {} }])' # or: mongosh localhost:27017/admin --eval 'db.adminCommand({ hostInfo: 1 })'

      When MongoDB reads the hostname, it does not ensures that the hostname in question contains valid UTF-8. Drivers may then report errors when trying to run commands that report back this hostname verbatim while trying to decode the string back from UTF-8.

      Validated on Linux hostnam? 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:05:45 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux but likely applicable to all operating systems that don't directly validate hostname strings.

            Assignee:
            Unassigned Unassigned
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: