[SERVER-20808] Server should reject negative ntoreturn received with OP_GET_MORE message Created: 07/Oct/15  Updated: 17/May/19  Resolved: 21/Jan/16

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: 3.3.1

Type: Improvement Priority: Minor - P4
Reporter: David Storch Assignee: David Storch
Resolution: Done Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-8125 Wire protocol documentation should no... Closed
Related
is related to JAVA-2231 Legacy driver sends nToReturn of -1 f... Closed
Backwards Compatibility: Minor Change
Sprint: Query F (02/01/16)
Participants:

 Description   

The OP_GET_MORE wire protocol message includes an "ntoreturn" field which the client can set in order to indicate the number of results it wants in the batch. A value of zero means that there is no batchSize, and a positive value sets a specific batchSize. Negative values are not meaningful, but the server is willing to accept them. (The implementation is such that the server will happen to return batches of size 1 when it receives a negative ntoreturn.) Instead, the server should return an error to the client.

Discovered because the shell will pass a negative ntoreturn with the OP_GET_MORE if the initial query has a negative limit. As far as I know this is currently only possible with a tailable cursor:

./mongo --readMode legacy
> db.c.drop();
> db.createCollection("c", {capped: true, size: 1024});
> db.c.insert({_id: 1});
 
// As expected, sends an OP_QUERY with ntoreturn of -20.
> var cursor = db.c.find().addOption(2).limit(-20);
> cursor.next();
{ "_id" : 1 }
 
// Sends an OP_GET_MORE with ntoreturn of -20 rather than +20.
> db.c.insert({_id: 2});
> cursor.next();
{ "_id" : 2 }

As part of this ticket, we should fix the shell to not send a negative OP_GET_MORE ntoreturn in this corner case.

The getMore command properly rejects negative batchSize values, so this only affects legacy OP_QUERY/OP_GET_MORE reads.



 Comments   
Comment by Githook User [ 21/Jan/16 ]

Author:

{u'username': u'dstorch', u'name': u'David Storch', u'email': u'david.storch@10gen.com'}

Message: SERVER-20808 reject negative ntoreturn on OP_GET_MORE messages

Also makes negative ntoreturn an error on a tailable cursor, which was
previously the only known edge case in which the shell could send a
negative ntoreturn with a getMore.
Branch: master
https://github.com/mongodb/mongo/commit/abafc33866c53f6339e2f30f11077a692d64c709

Generated at Thu Feb 08 03:55:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.