[SERVER-32410] Validate User::CredentialData before attempting to perform authentication Created: 19/Dec/17  Updated: 30/Oct/23  Resolved: 21/Dec/17

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 3.2.19, 3.4.11, 3.6.3, 3.7.1

Type: Task Priority: Major - P3
Reporter: Sara Golemon Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.6, v3.4, v3.2
Participants:

 Comments   
Comment by Githook User [ 12/Jan/18 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'}

Message: SERVER-32410 Validate User::CredentialData during auth

(cherry picked from commit fb8046d813af032d6d51327affbab9b6199fe654)

base64::validate() checks removed as they're a 3.6 API.
This doesn't materially hurt the fix as the later decodes
will fail in a predictable and correct way.

clang-format reapplied to match v3.2 formatting.
Branch: v3.2
https://github.com/mongodb/mongo/commit/385ed430991ed698ea4de674caddf526715f5f0d

Comment by Githook User [ 11/Jan/18 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'}

Message: SERVER-32410 Validate User::CredentialData during auth

(cherry picked from commit fb8046d813af032d6d51327affbab9b6199fe654)

base64::validate() checks removed as they're a 3.6 API.
This doesn't materially hurt the fix as the later decodes
will fail in a predictable and correct way.
Branch: v3.4
https://github.com/mongodb/mongo/commit/f1f38099c3c964cc445f4805de0ce072b436e5cc

Comment by Githook User [ 10/Jan/18 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'}

Message: SERVER-32410 Validate User::CredentialData during auth

(cherry picked from commit fb8046d813af032d6d51327affbab9b6199fe654)
Branch: v3.6
https://github.com/mongodb/mongo/commit/62dfefcf12986f71f3f71b38748d13ab98335b5b

Comment by Githook User [ 21/Dec/17 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-32410 Validate User::CredentialData during auth
Branch: master
https://github.com/mongodb/mongo/commit/fb8046d813af032d6d51327affbab9b6199fe654

Generated at Thu Feb 08 04:30:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.