[CDRIVER-2141] Do not allow appname URI option to be set by mongoc_uri_set_option_as_utf8() Created: 24/Apr/17 Updated: 28/Oct/23 Resolved: 24/Apr/17 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.5.0, 1.6.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Jeremy Mikola | Assignee: | Hannes Magnusson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Description |
|
Since mongoc_uri_option_is_utf8() returns true for "appname", a value may be assigned through mongoc_uri_set_option_as_utf8(), which will bypass the length validation done in mongoc_uri_set_appname(). This seems like an edge case that should be closed. I'm not sure if this poses a BC break, since previous versions of libmongoc (1.5 and 1.6) would default to return true from mongoc_uri_option_is_utf8() unless the option was a boolean, integer, or appeared in a blacklist. For 1.7, the function was changed to use a whitelist of known options, which included "appname" (16d03dc). |
| Comments |
| Comment by Githook User [ 25/Apr/17 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'hannes.magnusson@gmail.com'}Message: Merge pull request #435 from jmikola/cdriver-2142
|
| Comment by Githook User [ 25/Apr/17 ] |
|
Author: {u'username': u'jmikola', u'name': u'Jeremy Mikola', u'email': u'jmikola@gmail.com'}Message: |
| Comment by Githook User [ 24/Apr/17 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Validation logic for appname isn't enforced when setting through _as_utf8 |