[CDRIVER-2020] Escaped null bytes in URI (%00) should be allowed Created: 03/Feb/17  Updated: 03/May/17  Resolved: 13/Feb/17

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.7.0

Type: Task Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Epic Link: C Driver Connection String Spec

 Description   

diff --git a/tests/json/connection_uri/valid-auth.json b/tests/json/connection_uri/valid-auth.json
index 0b04f7d..36a7be3 100644
--- a/tests/json/connection_uri/valid-auth.json
+++ b/tests/json/connection_uri/valid-auth.json
@@ -39,25 +39,6 @@
       "options": null
     },
     {
-      "description": "User info for single IPv4 host with database (escaped null bytes)",
-      "uri": "mongodb://a%00lice:f%00oo@127.0.0.1/t%00est",
-      "valid": true,
-      "warning": false,
-      "hosts": [
-        {
-          "type": "ipv4",
-          "host": "127.0.0.1",
-          "port": null
-        }
-      ],
-      "auth": {
-        "username": "a\u0000lice",
-        "password": "f\u0000oo",
-        "db": "t\u0000est"
-      },
-      "options": null
-    },
-    {
       "description": "User info for single IP literal host without database",
       "uri": "mongodb://bob:bar@[::1]:27018",
       "valid": true,
@@ -327,4 +308,4 @@
       }
     }
   ]
-}
\ No newline at end of file
+}

diff --git a/tests/json/connection_uri/valid-options.json b/tests/json/connection_uri/valid-options.json
index 2a29ce2..4c2bded 100644
--- a/tests/json/connection_uri/valid-options.json
+++ b/tests/json/connection_uri/valid-options.json
@@ -20,23 +20,6 @@
       "options": {
         "authmechanism": "MONGODB-CR"
       }
-    },
-    {
-      "description": "Option key and value (escaped null bytes)",
-      "uri": "mongodb://example.com/?replicaSet=my%00rs",
-      "valid": true,
-      "warning": false,
-      "hosts": [
-        {
-          "type": "hostname",
-          "host": "example.com",
-          "port": null
-        }
-      ],
-      "auth": null,
-      "options": {
-        "replicaset": "my\u0000rs"
-      }
     }
   ]
-}
\ No newline at end of file
+}

Note that we have an explicit test that makes sure this is disallowed:

tests/test-mongoc-uri.c:722    ASSERT_URIDECODE_FAIL ("%00");                                                    



 Comments   
Comment by Hannes Magnusson [ 13/Feb/17 ]

The spec tests have removed the requirements to support %00

Comment by Githook User [ 06/Feb/17 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: Merge branch 'CDRIVER-784-connection-uri-spec'

Comment by Githook User [ 06/Feb/17 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-2020 Escaped null bytes in URI (%00) should be allowed
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/6c996ca8d30a6348fb9849ed0d170187ecd9b89a

Generated at Wed Feb 07 21:13:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.