[SERVER-33624] Commands which accept UUIDs do not correctly validate that the collection belongs to the database over which the command was issued
Created: 02/Mar/18  Updated: 29/Oct/23  Resolved: 05/Mar/18

Status: Closed
Project: Core Server
Component/s: Catalog
Affects Version/s: 3.7.2
Fix Version/s: 3.7.3

Type: Bug
Priority: Major - P3
Reporter: David Storch
Assignee: David Storch
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
is caused by SERVER-32367 AutoGetCollectionOrView and its relat... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Query 2018-03-12
Participants:
Linked BF Score: 0

 Description   

Various commands accept UUIDs to uniquely identify a collection, instead of a collection name. However, the RPC protocol for issuing commands also requires clients to include a particular database name. If the UUID identifies a collection within a different database from the one named in the command request, the intended behavior is that the command should fail.

This behavior was correctly implemented in 3.6, but appears to have regressed during 3.7 development. I believe the regression was caused by SERVER-32367, due to commit e5e8dde676.

This appears to affect several commands, so I think we should audit and test all of the commands that accept UUIDs as part of the fix. Here's a repro for the find command in particular:

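(function() {
    "use strict";

    // Create collection "c" in the current database.
    assert.writeOK(db.c.insert({}));

    // Read back the UUID the server assigned to that collection.
    let collectionInfos = db.getCollectionInfos({});
    let uuid = collectionInfos[0].info.uuid;

    // Issue find by UUID against a different database; this is expected to fail.
    let otherDb = db.getSisterDB("other");
    assert.commandFailed(otherDb.runCommand({find: uuid}));
}());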



 Comments   
Comment by Githook User [ 05/Mar/18 ]

Author:

{'email': 'david.storch@10gen.com', 'name': 'David Storch', 'username': 'dstorch'}

Message: SERVER-33624 Check for db mismatch when resolving UUIDs for read commands.
Branch: master
https://github.com/mongodb/mongo/commit/94db3aad060d11ddd799c9027f2bcbb342ddcccd
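
The db-mismatch check named in the description and in the commit message, shown as an added example on a toy in-memory catalog. This is not MongoDB server code or code from the ticket: `UUID`, `Catalog`, `runFind`, the `checkDb` switch, the error strings and the sample UUID are all hypothetical or constructed for illustration.

```javascript
// Toy model, not MongoDB server code. UUID, Catalog and runFind are hypothetical names.
class UUID {
    constructor(hex) { this.hex = hex; }
}

class Catalog {
    constructor() { this.byUuid = new Map(); }  // uuid hex -> {db, coll}
    create(db, coll, uuid) { this.byUuid.set(uuid.hex, {db, coll}); }
    lookup(uuid) { return this.byUuid.get(uuid.hex); }
}

// Resolve the target of {find: <name or UUID>} issued against requestDb.
// checkDb=false models the regressed behaviour; checkDb=true models the intended one.
function runFind(catalog, requestDb, cmd, checkDb) {
    const target = cmd.find;
    if (typeof target === "string") {
        // A name is always interpreted inside the request's database.
        return {ok: 1, ns: `${requestDb}.${target}`};
    }
    if (!(target instanceof UUID)) {
        return {ok: 0, errmsg: "find target must be a collection name or UUID"};
    }
    const entry = catalog.lookup(target);
    if (!entry) {
        return {ok: 0, errmsg: "no collection with that UUID"};
    }
    if (checkDb && entry.db !== requestDb) {
        // The UUID is valid, but it names a collection in another database: fail.
        return {ok: 0, errmsg: `UUID resolves to ${entry.db}.${entry.coll}, not a collection in ${requestDb}`};
    }
    return {ok: 1, ns: `${entry.db}.${entry.coll}`};
}

// Constructed data mirroring the repro: collection "c" lives in "test",
// and the command is issued against the sister database "other".
function demo() {
    const catalog = new Catalog();
    const uuid = new UUID("00000000000040008000000000000001");  // constructed value
    catalog.create("test", "c", uuid);
    return {
        regressed: runFind(catalog, "other", {find: uuid}, false),
        fixed: runFind(catalog, "other", {find: uuid}, true),
        sameDb: runFind(catalog, "test", {find: uuid}, true),
    };
}

console.log(demo());
```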
