[SERVER-10896] Enforce prohibition of embedded NULLs in role names.
Created: 25/Sep/13  Updated: 05/Jul/16  Resolved: 20/Jun/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.2
Fix Version/s: 3.3.9

Type: Improvement
Priority: Major - P3
Reporter: Andy Schwerin
Assignee: Kinh Hoang
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-10897 User and role names should be canonic... Backlog
related to SERVER-10898 Passwords should be canonicalized acc... Closed
Backwards Compatibility: Minor Change
Sprint: Security 16 (06/24/16)
Participants:

Description

Expected behavior:

> db.runCommand({createRole: "foo\0er", roles: [], privileges: []})
{ "ok" : 0, ... }

Actual behavior:

> db.runCommand({createRole: "foo\0er", roles: [], privileges: []})
{ "ok" : 1 }
> db.getSiblingDB("admin").system.roles.find()
{ "_id" : "test.foo\u0000er", "name" : "foo\u0000er", "source" : "test", "privileges" : [ ], "roles" : [ ] }



Comments
Comment by Kinh Hoang [ 20/Jun/16 ]

Ticket resolved in commit: c7c211884b9dce69dce5a64f037628346a0a40ca

https://github.com/mongodb/mongo/commit/c7c211884b9dce69dce5a64f037628346a0a40ca
