[GODRIVER-895] bsonrw.valueReader does not verify length of string before slice for CodeWithScope Created: 21/Mar/19  Updated: 28/Oct/23  Resolved: 21/Feb/20

Status: Closed
Project: Go Driver
Component/s: BSON
Affects Version/s: 1.0.0
Fix Version/s: 1.3.1

Type: Bug Priority: Major - P3
Reporter: Kristofer Brandow (Inactive) Assignee: Isabella Siu (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Within the ReadCodeWithScope method of bsonrw.valueReader we don't check the length of strBytes before attempting to remove the null byte. This can cause a panic if the BSON is invalid and strLength is 0.

To fix this we need to check the length of strBytes and if it's 0 we need to return an error because the BSON is invalid.

 

Thanks to @dgryski for raising this.



 Comments   
Comment by Githook User [ 21/Feb/20 ]

Author:

{'name': 'iwysiu', 'username': 'iwysiu', 'email': 'isabella.siu@10gen.com'}

Message: GODRIVER-895 check if strLength is 0 in ReadCodeWithScope (#311)
Branch: release/1.3
https://github.com/mongodb/mongo-go-driver/commit/98345d4df1d99c616bddd5e228b0bf11d9f2811f

Comment by Githook User [ 21/Feb/20 ]

Author:

{'name': 'iwysiu', 'username': 'iwysiu', 'email': 'isabella.siu@10gen.com'}

Message: GODRIVER-895 check if strLength is 0 in ReadCodeWithScope (#311)
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/0d3123c45e386a6de8f2443ab0d981b685e54e56

Generated at Thu Feb 08 08:35:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.