[CDRIVER-1876] libbson doesn't validate length inside binary subtype 0x02 Created: 22/Oct/16 Updated: 05/Jan/17 Resolved: 05/Jan/17 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libbson |
| Affects Version/s: | None |
| Fix Version/s: | 1.6.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | David Golden | Assignee: | Backlog - C Driver Team |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
Deprecated subtype 0x02 includes a redundant length inside the binary payload. libbson doesn't validate this length and just skips over it. _bson_iter_next_internal does validate that subtype 0x02 has at least 4 bytes for the inner length. It should validate that the inner length is consistent with the binary envelope as well. |
| Comments |
| Comment by Githook User [ 05/Jan/17 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: The deprecated binary subtype 2 has a redundant length prefix at the |