[SERVER-35995] _flushForQueryPredicate should handle malformed oplog entries Created: 06/Jul/18  Updated: 06/Dec/22  Resolved: 10/Jul/18

Status: Closed
Project: Core Server
Component/s: Replication
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Matthew Russotto Assignee: Backlog - Replication Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Assigned Teams:
Replication
Operating System: ALL
Backport Requested:
v4.0, v3.6
Participants:

 Description   

During oplog application, SessionUpdateTracker::_flushForQueryPredicate expects an oplog entry for "config.transactions" to contain an "_id" field which is an object. If it is not, we assert with code 10065 (in BSONElement::Obj()). Since we do not prevent arbitrary updates to config.transactions, we must be able to survive malformed entries.



 Comments   
Comment by Tess Avitabile (Inactive) [ 10/Jul/18 ]

Thanks, max.hirschhorn, I filed SERVER-36056.

Comment by Max Hirschhorn [ 10/Jul/18 ]

tess.avitabile, absolutely. The fuzzer had triggered this by using the applyOps command so I'm not sure if it is actually necessary to prevent all writes to the config.transactions collection as it was a malformed oplog entry which triggered this crash.

Comment by Tess Avitabile (Inactive) [ 10/Jul/18 ]

max.hirschhorn, we don't want to fix this in the server, since we prefer to use auth to prevent user writes to system/config collections and accept that the server may crash if these writes are invalid. Would it be possible to prevent the fuzzer from writing to config.transactions?

Generated at Thu Feb 08 04:41:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.