[SERVER-32941] applyOps command inserts documents without ever calling fixDocumentForInsert() Created: 27/Jan/18 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Max Hirschhorn | Assignee: | Backlog - Replication Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | applyOps | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Assigned Teams: |
Replication
|
||||||||||||||||
| Operating System: | ALL | ||||||||||||||||
| Participants: | |||||||||||||||||
| Linked BF Score: | 15 | ||||||||||||||||
| Description |
|
The applyOperation_inlock() function calls Collection::insertDocuments() directly. Since the "applyOps" command doesn't call the fixDocumentForInsert() function on its operations of type op='i' as part of its validation, this means (among other things) it is possible to insert documents with $-prefixed fields names, exceed the maximum depth for user storage, or use bad BSON types for the "_id" field. |
| Comments |
| Comment by Andy Schwerin [ 27/Jan/18 ] |
|
This is as designed. Secondaries must take the primary at it's word. If we want validation, it would need to be in the applyOps command, but even that would be risky for mongorestore. |