[SERVER-35596] "max" field of the createCollection command should be sanitized prior to being interpreted as a long long Created: 14/Jun/18 Updated: 29/Oct/23 Resolved: 05/Jul/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Catalog |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Maria van Keulen | Assignee: | Sean Tao |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | neweng | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Sprint: | Storage NYC 2018-07-02, Storage NYC 2018-07-16 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 15 | ||||||||||||
| Description |
|
Presently, the "max" field that is passed to createCollection is not checked to be within bounds of long long representation prior to being converted to a long long. One fix for this is to use the safeNumberLong() function where we parse the value. |
| Comments |
| Comment by Githook User [ 05/Jul/18 ] |
|
Author: {'name': 'Sean Tao', 'email': 'sean.tao@10gen.com'}Message: |