[CDRIVER-298] Missing check for data type of _id field in gridfs files collection Created: 18/Mar/14  Updated: 03/May/17  Resolved: 20/Mar/14

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Vahe Sahakyan Assignee: Unassigned
Resolution: Done Votes: 0
Labels: crash
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


Description

If the _id field type in the <gridfs>.files collection is not ObjectID, the driver crashes with a segmentation fault in file mongoc-gridfs-file.c, in function _mongoc_gridfs_file_new_from_bson.



Comments
Comment by Christian Hergert [ 19/Mar/14 ]

Fixed in master, sorry for the leak.

Comment by Vahe Sahakyan [ 19/Mar/14 ]

Unfortunately, now there is a memory leak for this simple case of reading one file and destroying it. Here is the output of valgrind:

73 bytes in 1 blocks are definitely lost in loss record 508 of 566
at 0x4C274A0: malloc (vg_replace_malloc.c:291)
by 0x5065E48: bson_malloc (bson-memory.c:54)
by 0x5067310: bson_value_copy (bson-value.c:93)
by 0x4E43B0D: _mongoc_gridfs_file_new_from_bson (mongoc-gridfs-file.c:209)
by 0x4E444FA: mongoc_gridfs_file_list_next (mongoc-gridfs-file-list.c:65)
by 0x4E42E8B: mongoc_gridfs_find_one (mongoc-gridfs.c:192)

Comment by Vahe Sahakyan [ 19/Mar/14 ]

Thanks for the super-fast fix.

Comment by Christian Hergert [ 18/Mar/14 ]

Fixed in master.

Comment by Christian Hergert [ 18/Mar/14 ]

Do you mind trying out libbson/mongo-c-driver from master? Building mongo-c-driver from master should use the bundled libbson (don't forget git submodule update, though).

I've added a new boxed type (bson_value_t) to libbson that allows us to encapsulate fields whose underlying type doesn't matter much. This was a libbson ABI break, though, so you'll definitely need to update both.

Additionally, I've added type checks on the other fields as you can see here: https://github.com/mongodb/mongo-c-driver/blob/a4cd117ae59a2a87a69401e7a618949cc44e3e0f/src/mongoc/mongoc-gridfs-file.c#L204

– Christian

Comment by Christian Hergert [ 18/Mar/14 ]

This has been on my cleanup todo list. Thanks for creating the bug.

Comment by Vahe Sahakyan [ 18/Mar/14 ]

Actually, types are not verified at all:

      if (0 == strcmp (key, "_id")) {
         bson_oid_copy (bson_iter_oid (&iter), &file->files_id);
      } else if (0 == strcmp (key, "length")) {
         file->length = bson_iter_as_int64 (&iter);
      } else if (0 == strcmp (key, "chunkSize")) {
         file->chunk_size = bson_iter_int32 (&iter);
      } else if (0 == strcmp (key, "uploadDate")) {
         file->upload_date = bson_iter_date_time (&iter);
      } else if (0 == strcmp (key, "md5")) {
         file->bson_md5 = bson_iter_utf8 (&iter, NULL);
      } else if (0 == strcmp (key, "filename")) {
         file->bson_filename = bson_iter_utf8 (&iter, NULL);
      } else if (0 == strcmp (key, "contentType")) {
         file->bson_content_type = bson_iter_utf8 (&iter, NULL);
      } else if (0 == strcmp (key, "aliases")) {
         bson_iter_array (&iter, &buf_len, &buf);
         bson_init_static (&file->bson_aliases, buf, buf_len);
      } else if (0 == strcmp (key, "metadata")) {
         bson_iter_document (&iter, &buf_len, &buf);
         bson_init_static (&file->bson_metadata, buf, buf_len);
      }
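The defect in the loop above is that each accessor (bson_iter_oid, bson_iter_utf8, ...) is called without first checking the element's BSON type tag, so a string _id is read as if it were a 12-byte ObjectId. As an added example that is not the driver's or libbson's code, the minimal raw-BSON walker below (no libbson dependency; the two sample documents are constructed) rejects a files document whose _id is not an ObjectId instead of copying from a misinterpreted value:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { BSON_STRING = 0x02, BSON_OID = 0x07, BSON_INT32 = 0x10, BSON_INT64 = 0x12 };
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Walk a raw BSON files document. Returns 0 (copying the 12-byte ObjectId into oid_out if non-NULL)
 * when _id is an ObjectId, -1 when _id has any other type, -2 when the document is malformed or
 * has no _id. Only the value types used by the constructed samples below are understood. */
int gridfs_files_id(const uint8_t *doc, size_t len, uint8_t oid_out[12])
{
    if (len < 5 || rd32(doc) != len || doc[len - 1] != 0) return -2;
    size_t pos = 4;
    while (pos < len - 1) {
        uint8_t type = doc[pos++];
        const uint8_t *nul = memchr(doc + pos, 0, len - pos);  /* key is a NUL-terminated cstring */
        if (!nul) return -2;
        const char *key = (const char *)doc + pos;
        pos = (size_t)(nul - doc) + 1;
        size_t vlen;
        switch (type) {
        case BSON_OID:   vlen = 12; break;
        case BSON_INT32: vlen = 4;  break;
        case BSON_INT64: vlen = 8;  break;
        case BSON_STRING: if (pos + 4 > len) return -2; vlen = 4 + rd32(doc + pos); break;
        default: return -2;
        }
        if (vlen > len - 1 - pos) return -2;             /* value must fit before the trailing 0 */
        if (strcmp(key, "_id") == 0) {
            if (type != BSON_OID) return -1;             /* the type check the original loop lacked */
            if (oid_out) memcpy(oid_out, doc + pos, 12);
            return 0;
        }
        pos += vlen;
    }
    return -2;
}

/* Constructed samples: {_id: ObjectId(01..0c), length: 73} and {_id: "file1"} */
const uint8_t FILES_DOC_OID[38] = { 0x26,0,0,0, 0x07,'_','i','d',0, 1,2,3,4,5,6,7,8,9,10,11,12,
                                    0x12,'l','e','n','g','t','h',0, 73,0,0,0,0,0,0,0, 0 };
const uint8_t FILES_DOC_STR[20] = { 0x14,0,0,0, 0x02,'_','i','d',0, 6,0,0,0, 'f','i','l','e','1',0, 0 };

int main(void)
{
    uint8_t oid[12];
    printf("ObjectId _id -> %d\n", gridfs_files_id(FILES_DOC_OID, sizeof FILES_DOC_OID, oid));
    printf("string _id   -> %d\n", gridfs_files_id(FILES_DOC_STR, sizeof FILES_DOC_STR, oid));
    return 0;
}
```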
