[CDRIVER-4448] bson_validate accepts data rejected by bson_iter_visit_all Created: 01/Aug/22  Updated: 10/Apr/23

Status: Backlog
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Unknown
Reporter: Colby Pike Assignee: Colby Pike
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Summary

bson_validate uses bson_iter_visit_all to visit elements in the document. bson_iter_visit_all performs its own validation on document elements before passing them to the visitor. Invalid data caught by bson_iter_visit_all is never given to the validation visitor, and bson_validate does not handle the error indicated by bson_iter_visit_all.

Environment

Present in libbson r1.22

How to Reproduce

The following byte sequence will be accepted by bson_validate, but is invalid and generates an error in bson_iter_visit_all:

 

12 00 00 00 02 61 00 06 00 00 00 61 61 FF 61 61 00 00

(The FF byte is an not a valid UTF-8 code unit)

Additional Background

There are no test cases for bson_validate that handle invalid UTF-8 strings. It is possible there are other missing cases as well.


Generated at Wed Feb 07 21:20:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.