[GODRIVER-895] bsonrw.valueReader does not verify length of string before slice for CodeWithScope Created: 21/Mar/19 Updated: 28/Oct/23 Resolved: 21/Feb/20 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | BSON |
| Affects Version/s: | 1.0.0 |
| Fix Version/s: | 1.3.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kristofer Brandow (Inactive) | Assignee: | Isabella Siu (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Within the ReadCodeWithScope method of bsonrw.valueReader we don't check the length of strBytes before attempting to remove the null byte. This can cause a panic if the BSON is invalid and strLength is 0. To fix this we need to check the length of strBytes and if it's 0 we need to return an error because the BSON is invalid.
Thanks to @dgryski for raising this. |
| Comments |
| Comment by Githook User [ 21/Feb/20 ] |
|
Author: {'name': 'iwysiu', 'username': 'iwysiu', 'email': 'isabella.siu@10gen.com'}Message: |
| Comment by Githook User [ 21/Feb/20 ] |
|
Author: {'name': 'iwysiu', 'username': 'iwysiu', 'email': 'isabella.siu@10gen.com'}Message: |