[CDRIVER-1877] libbson doesn't verify dbpointer collection name string is null terminated Created: 23/Oct/16  Updated: 15/Nov/16  Resolved: 14/Nov/16

Status: Closed
Project: C Driver
Component/s: libbson
Affects Version/s: None
Fix Version/s: 1.5.0

Type: Bug Priority: Minor - P4
Reporter: David Golden Assignee: A. Jesse Jiryu Davis
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to PHPC-714 Implement BSON corpus test suite Closed
is related to CDRIVER-1889 Implement BSON Corpus tests runner Closed

 Description   

The spec requires collection name in a DBPointer type to be a "string" – i.e. a length + bytes + 0x00. libbson doesn't verify that the null byte is actually null. It appears to just skip over it.

Here is an example of a BSON string with valid DBPointer as visualized with 'bsonview' in the BSON corpus spec:

1A0000000C610002000000620056E1FC72E0C917E9C471416100
 1a000000 0c "a" 00 02000000 "b" 00 56E1FC72E0C917E9C4714161 00

Here is a slightly modified version of the above (a case that should fail to parse according to the spec). Instead of 0x00, the trailing "null" of the collection name is 0x62 (marked with ^^):

1A0000000C610002000000626256E1FC72E0C917E9C471416100
 1a000000 0c "a" 00 02000000 6262 56e1fc72e0c917e9c471416100
                               ^^

libbson considers the latter case to be a valid DBPointer.



 Comments   
Comment by Githook User [ 15/Nov/16 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-1877 check DBPointer ns is NULL-terminated
Branch: master
https://github.com/mongodb/libbson/commit/dc225194f61eaa606eb9f1acbab96e8987aed2c5

Generated at Wed Feb 07 21:13:29 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.