[CDRIVER-1876] libbson doesn't validate length inside binary subtype 0x02 Created: 22/Oct/16  Updated: 05/Jan/17  Resolved: 05/Jan/17

Status: Closed
Project: C Driver
Component/s: libbson
Affects Version/s: None
Fix Version/s: 1.6.0

Type: Bug Priority: Minor - P4
Reporter: David Golden Assignee: Backlog - C Driver Team
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-1977 Invalid lengths for old binary format... Closed

 Description   

Deprecated subtype 0x02 includes a redundant length inside the binary payload. libbson doesn't validate this length and just skips over it.

_bson_iter_next_internal does validate that subtype 0x02 has at least 4 bytes for the inner length. It should validate that the inner length is consistent with the binary envelope as well.



 Comments   
Comment by Githook User [ 05/Jan/17 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-1876 extra validation for binary type 2

The deprecated binary subtype 2 has a redundant length prefix at the
start of the data, check it agrees with the total BSON element length.
Branch: master
https://github.com/mongodb/libbson/commit/1af72f285e8c7aafe2dfa1eb4030a66ee7f077b9

Generated at Wed Feb 07 21:13:29 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.