[SERVER-33744] Server does not enforce handshake protocol requirement that 'application.name' be present if the client metadata defines an 'application' section Created: 08/Mar/18  Updated: 27/Oct/23  Resolved: 27/Apr/18

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: 3.6.0
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Bernard Gorman Assignee: Mark Benvenuto
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

Per the handshake protocol spec, we require that if the optional 'application' section is specified in the metadata passed by the driver to the server, then the 'name' subfield must be specified (and presumably non-empty). Currently, client_metadata.cpp does not enforce this requirement; it only checks that the 'name' field is of type string if present.



 Comments   
Comment by Bernard Gorman [ 28/Apr/18 ]

Sorry mark.benvenuto, this slipped off my radar. Re: the in-code comment above, I'm not sure what else "Optional with caveats" could mean, other than that the 'name' is optional only in the sense that the enclosing optional-with-no-caveats 'application' document may be omitted. I don't see any dependencies between the 'name' field and any other fields in the spec that this could be referring to.

Comment by Mark Benvenuto [ 30/Mar/18 ]

While the drivers spec does say that, the server code that is the authoritative source does not: See https://github.com/markbenvenuto/mongo/blob/809c0e8f6974cfb78585f063ee368cfd484fe818/src/mongo/rpc/metadata/client_metadata.h#L56-L58

 * Example document of isMaster request with client metadata document:
 * {
 *    "isMaster" : 1,
 *    "client" : {
 *        "application" : {              // Optional
 *            "name" : "string"          // Optional with caveats
 *        },

Comment by Bernard Gorman [ 30/Mar/18 ]

mark.benvenuto: My understanding of the spec is that the client can choose to omit the application section entirely, but if present it cannot be empty, and in particular must include the name field. The clearest statement of this requirement is the following, from the spec:

{
    isMaster: 1,
    client: {
        /* OPTIONAL. If present, the "name" is REQUIRED */
        application: {
            name: "<string>"
        },
...

Comment by Mark Benvenuto [ 29/Mar/18 ]

The application name field is always optional. I think it is a driver spec bug for existence of the application section to imply the name field is required.

Generated at Thu Feb 08 04:34:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.