[SERVER-10186] setupSecurityKey should check character count after whitespace has been stripped Created: 11/Jul/13 Updated: 27/Oct/15 Resolved: 28/Aug/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.5 |
| Fix Version/s: | 2.5.3 |
| Type: | Bug | Priority: | Trivial - P5 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | pull-request | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Steps To Reproduce: | 1)Run mongod with a keyfile produced by running: openssl rand 768 | base64 -w 0 This key is exactly 1024 bytes long. The size of the output can be computed by (# input bytes) * 4 / 3. This formula comes from the fact that for every 3 bytes of input, 4 bytes of Base64 encoded output are produced. 2) Run mongod with a similarly sized key with whitespace. This can be made with: openssl rand 768 | base64 |
||||||||
| Participants: | |||||||||
| Description |
|
setupSecurityKey performs a check to ensure that the input keyFile is less than or equal to 1024 bytes. While processing the file, it will strip out whitespace it encounters. However, this whitespace will still count towards the size limit. I believe this is why Windows requires smaller Base64ed keys. Its CLRF encoded linebreaks take up more characters. This is documented at http://docs.mongodb.org/manual/tutorial/generate-key-file/ |
| Comments |
| Comment by Matt Kangas [ 28/Aug/13 ] |
|
Proposed docs change: See https://github.com/mongodb/docs/pull/1122 |
| Comment by auto [ 28/Aug/13 ] |
|
Author: {u'username': u'edaniels', u'name': u'Eric Daniels', u'email': u'eric.daniels@10gen.com'}Message: Signed-off-by: Matt Kangas <matt.kangas@mongodb.com> |
| Comment by Eric Daniels (Inactive) [ 22/Jul/13 ] |
|
Updated setUpSecurity to address this as well as the corresponding http://docs.mongodb.org/manual/tutorial/generate-key-file/ Pull Requests: |