[SERVER-14398] validateBSON() should reject Arrays whose field names do not match the BSON spec. Created: 30/Jun/14 Updated: 10/May/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Networking |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Alexander Komyagin | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | move-sa, platforms-re-triaged | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Minor Change | ||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
At least C driver under some uses constructs arrays without the field names. We should not silently fail, but rather reject the input. The BSON Spec is ambiguous, but what it's supposed to say is that a BSON array is encoded like an object, where the field name of each element is the UTF-8 string of the base-10 encoding of the element's position in the array. The first element has field name "0", the second "1", the eleventh "10", and so on. The validateBSON() method is used by the server in standard operation to validate the incoming BSON adheres to the spec, and we should extend its implementation to also validate array field names. |
| Comments |
| Comment by Steven Vannelli [ 10/May/22 ] |
|
Moving this ticket to the Backlog and removing the "Backlog" fixVersion as per our latest policy for using fixVersions. |