[SERVER-14190] mongorestore parseMetadataFile passes non-null terminated string to 'fromjson' Created: 06/Jun/14  Updated: 11/Mar/15  Resolved: 18/Jun/14

Status: Closed
Project: Core Server
Component/s: Tools
Affects Version/s: 2.6.1, 2.7.1
Fix Version/s: 2.6.8, 2.7.3

Type: Bug Priority: Minor - P4
Reporter: Andrew Morrow (Inactive) Assignee: Matt Kangas
Resolution: Done Votes: 0
Labels: address-sanitizer, community-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Steps To Reproduce:

Run

ASAN_SYMBOLIZER_PATH=<path-to-llvm-symbolizer> buildscripts/smoke.py jstests/multiVersion/dumprestore_24.js

against a mongod built with --sanitize=address.

Sprint: Server 2.7.3
Participants:

 Description   

https://github.com/mongodb/mongo/blob/master/src/mongo/tools/restore.cpp#L735 reads data from a file, then passes the beginning of that data to 'mongo::fromjson'. However, it does not ensure that there is a terminating NULL character at the end of the buffer.

Found with address sanitizer.



 Comments   
Comment by Githook User [ 09/Feb/15 ]

Author:

{u'username': u'kangas', u'name': u'Matt Kangas', u'email': u'matt.kangas@mongodb.com'}

Message: SERVER-14190 fix possible non-null terminated string in mongorestore

(cherry picked from commit 4f3cf19d951ce143c541c01cd4ec87d06f40556d)
Branch: v2.6
https://github.com/mongodb/mongo/commit/0de9b597c0dba9401fbcd2dfbe8f51bb55ce3241

Comment by Githook User [ 18/Jun/14 ]

Author:

{u'username': u'kangas', u'name': u'Matt Kangas', u'email': u'matt.kangas@mongodb.com'}

Message: SERVER-14190 fix possible non-null terminated string in mongorestore
Branch: master
https://github.com/mongodb/mongo/commit/4f3cf19d951ce143c541c01cd4ec87d06f40556d

Generated at Thu Feb 08 03:34:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.