[SERVER-10399] Unchecked string access in parseNs may yield garbage collection name for commands without collections Created: 01/Aug/13  Updated: 11/Jul/16  Resolved: 01/Aug/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5.2

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Andrew Morrow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-16072 Improve namespace construction in com... Closed
Operating System: ALL
Participants:

 Description   

parseNs (and parseNsFullyQualified) expect that the cmdObj provided will have a leading String valued field containing a collection name, so use the unchecked valuestr() method on BSONElement to obtain that value:

https://github.com/mongodb/mongo/blob/51af8d67570b33fa5d5b4d36b18215535d38dd85/src/mongo/db/commands.cpp#L67

However, some commands (like a database drop) do not have a collection name.

The auditing code in this file attempts to use these methods to format audit trail events for all commands. When it does so for commands that have no collection, the result is a collection name formed from whatever data is pointed to by the first element in the cmdObj, interpreted as a C string.



 Comments   
Comment by auto [ 01/Aug/13 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@10gen.com'}

Message: SERVER-10399 Fix invalid std::string construction in Command::parseNs
Branch: master
https://github.com/mongodb/mongo/commit/e5e0da93d60bc578bbc8539a7a1b02c8c18bfe21

Generated at Thu Feb 08 03:23:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.