[MONGOCRYPT-457] Use CRLF instead of LF newlines Created: 08/Jul/22 Updated: 28/Oct/23 Resolved: 01/Aug/22 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | kms_message |
| Affects Version/s: | None |
| Fix Version/s: | 1.6.0, 1.6.0-alpha0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Anna Henningsen | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Binding Changes: | Not Needed | ||||||||||||||||
| Description |
|
libmongocrypt should follow the HTTP/1.1 spec and use CRLF newlines instead of LF:
While currently the servers it communicates with may not make use of the fact that this is merely a "MAY" requirement that they can disregard, libmongocrypt should be future-proof and anticipate that servers could reject LF as a single line terminator in the future. Node.js just started doing so, with the effect of breaking the mongosh test suite for libmongocrypt requests, citing CVE-2022-32213 (details not yet available at time of writing) as the reason. |
| Comments |
| Comment by Githook User [ 06/Aug/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message:
|
| Comment by Githook User [ 01/Aug/22 ] |
|
Author: {'name': 'Shane Harvey', 'email': 'shnhrv@gmail.com', 'username': 'ShaneHarvey'}Message: |
| Comment by Githook User [ 01/Aug/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: CSFLE_AWS_TEMP_SESSION_TOKEN will have a trailing "\r" when run on Windows hosts. |
| Comment by Githook User [ 27/Jul/22 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: |