[SERVER-10186] setupSecurityKey should check character count after whitespace has been stripped Created: 11/Jul/13  Updated: 27/Oct/15  Resolved: 28/Aug/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.4.5
Fix Version/s: 2.5.3

Type: Bug Priority: Trivial - P5
Reporter: Spencer Jackson Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: pull-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DOCS-1927 Document : setupSecurityKey should ch... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

1)Run mongod with a keyfile produced by running: openssl rand 768 | base64 -w 0

This key is exactly 1024 bytes long. The size of the output can be computed by (# input bytes) * 4 / 3. This formula comes from the fact that for every 3 bytes of input, 4 bytes of Base64 encoded output are produced.

2) Run mongod with a similarly sized key with whitespace. This can be made with: openssl rand 768 | base64

Participants:

 Description   

setupSecurityKey performs a check to ensure that the input keyFile is less than or equal to 1024 bytes. While processing the file, it will strip out whitespace it encounters. However, this whitespace will still count towards the size limit.

I believe this is why Windows requires smaller Base64ed keys. Its CLRF encoded linebreaks take up more characters. This is documented at http://docs.mongodb.org/manual/tutorial/generate-key-file/



 Comments   
Comment by Matt Kangas [ 28/Aug/13 ]

Proposed docs change: See https://github.com/mongodb/docs/pull/1122

Comment by auto [ 28/Aug/13 ]

Author:

{u'username': u'edaniels', u'name': u'Eric Daniels', u'email': u'eric.daniels@10gen.com'}

Message: SERVER-10186 setUpSecurityKey now only considers the true key length of the key from the file given

Signed-off-by: Matt Kangas <matt.kangas@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/0ebdd89f49cc8a690dec98ba725f72ade451fc76

Comment by Eric Daniels (Inactive) [ 22/Jul/13 ]

Updated setUpSecurity to address this as well as the corresponding http://docs.mongodb.org/manual/tutorial/generate-key-file/

Pull Requests:
https://github.com/mongodb/mongo/pull/457
https://github.com/mongodb/docs/pull/1122

Generated at Thu Feb 08 03:22:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.