[SERVER-18997] Server does not validate boolean values in BSON Created: 16/Jun/15  Updated: 19/Sep/15  Resolved: 21/Jul/15

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: 3.0.3
Fix Version/s: 3.1.7

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Andrew Morrow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Minor Change
Sprint: Platform 6 07/17/15, Platform 7 08/10/15
Participants:

 Description   

The BSON specification mandates that a field of type boolean is a byte with either the value \x00 or \x01. The server does not check this as part of the BSON validation process. If a poorly written driver incorrectly used a different value to represent true or false, undefined behavior will result. For example, if I insert hand-crafted BSON where the value of a field "b" is of type boolean and the byte value is \x02:

> db.test.find()
{ "_id" : ObjectId("55806db733ee03327f4907ea"), "b" : true }
> db.test.count({b : true})
0
> db.test.count({b : false})
0

Furthermore, BSON decoders in different languages are written differently. Some convert the byte to a boolean with a check like "b != \x00", while others do "b == \x01", so the former would decode this field as true, while the latter will decode it as false.



 Comments   
Comment by Githook User [ 28/Jul/15 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: SERVER-18997 Enforce value of boolean byte in bson validation
Branch: master
https://github.com/mongodb/mongo/commit/c0ff368c1969914e4fc615eceb694c90863c887a

Comment by Githook User [ 21/Jul/15 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: SERVER-18997 Enforce value of boolean byte in bson validation
Branch: master
https://github.com/mongodb/mongo/commit/c0ff368c1969914e4fc615eceb694c90863c887a

Generated at Thu Feb 08 03:49:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.