[SERVER-36272] Shell assertion failure with certain characters in the password Created: 24/Jul/18  Updated: 29/Oct/23  Resolved: 12/Oct/18

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 4.0.0
Fix Version/s: 4.0.5, 4.1.5

Type: Bug
Priority: Major - P3
Reporter: Dan Dascalescu
Assignee: Shreyas Kalyan
Resolution: Fixed
Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

MongoDB shell version v4.0.0
git version: 3b07af3d4f471ae89e8186d33bbb1d5259597d51
OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
allocator: tcmalloc
modules: none
build environment:
distmod: ubuntu1604
distarch: x86_64
target_arch: x86_64


Issue Links:
Backports
Problem/Incident
Related
related to SERVER-37628 Fix mongo_uri_test:InvalidTestCase co... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0
Sprint: Security 2018-10-08, Security 2018-10-22
Participants:
Linked BF Score: 0

 Description   

I've created a user with a password that contains '%' and ','. When I try to connect,

mongo mongodb://myuser:K+4,%j@mydomain.com:12345/dbname

mongo borks with this error:

2018-07-24T14:18:52.110-0700 E - [main] Assertion failure false src/mongo/util/hex.h 48
2018-07-24T14:18:52.123-0700 I CONTROL [main] 0x558a70c10851 0x558a70c0eeba 0x558a6ff61adc 0x558a709d57b8 0x558a709d6f4b 0x558a709da151 0x558a6ffc3408 0x558a6ffa0e48 0x558a6ff99303 0x558a70bc3011 0x558a70bc3882 0x558a70bc3c0c 0x558a6ff94336 0x558a6ff640fe 0x7f275fee2830 0x558a6ff8e039
----- BEGIN BACKTRACE -----

mongo(_ZN5mongo15printStackTraceERSo+0x41) [0x558a70c10851]
mongo(_ZN5mongo10logContextEPKc+0x14A) [0x558a70c0eeba]
mongo(_ZN5mongo12verifyFailedEPKcS1_j+0x166) [0x558a6ff61adc]
mongo(_ZN5mongo9uriDecodeB5cxx11ENS_10StringDataE+0x3F8) [0x558a709d57b8]
mongo(ZN5mongo8MongoURI9parseImplERKNSt7_cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x80B) [0x558a709d6f4b]
mongo(ZN5mongo8MongoURI5parseERKNSt7_cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x31) [0x558a709da151]
mongo(ZN5mongo22storeMongoShellOptionsERKNS_17optionenvironment11EnvironmentERKSt6vectorINSt7_cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaISA_EE+0x1C78) [0x558a6ffc3408]
mongo(_ZN5mongo49_mongoInitializerFunction_MongoShellOptions_StoreEPNS_18InitializerContextE+0x38) [0x558a6ffa0e48]
mongo(ZNSt17_Function_handlerIFN5mongo6StatusEPNS0_18InitializerContextEEPS4_E9_M_invokeERKSt9_Any_dataOS3+0x23) [0x558a6ff99303]
mongo(ZN5mongo11Initializer19executeInitializersERKSt6vectorINSt7_cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERKSt3mapIS7_S7_St4lessIS7_ESaISt4pairIKS7_S7_EEE+0x371) [0x558a70bc3011]
mongo(ZN5mongo21runGlobalInitializersEiPKPKcS3+0x352) [0x558a70bc3882]
mongo(ZN5mongo26runGlobalInitializersOrDieEiPKPKcS3+0x2C) [0x558a70bc3c0c]
mongo(Z5_mainiPPcS0+0xA6) [0x558a6ff94336]
mongo(main+0xE) [0x558a6ff640fe]
libc.so.6(__libc_start_main+0xF0) [0x7f275fee2830]
mongo(_start+0x29) [0x558a6ff8e039]
----- END BACKTRACE -----
UnknownError: assertion src/mongo/util/hex.h:48

 

For passwords like "K/4,%j", I get "FailedToParse: Bad digit "K" while parsing K".



 Comments   
Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyaskalyan@gmail.com', 'username': 'shreyaskal'}

Message: SERVER-36272 Catch error in parsing values after % in URIs

(cherry picked from commit 2e58710210f996eea00e192f987ae90acb71abbf)
Branch: v4.0
https://github.com/mongodb/mongo/commit/bbb958077536967feca1c58b73727504b223d133

Comment by Githook User [ 12/Oct/18 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyaskalyan@gmail.com', 'username': 'shreyaskal'}

Message: SERVER-36272 Catch error in parsing values after % in URIs
Branch: master
https://github.com/mongodb/mongo/commit/2e58710210f996eea00e192f987ae90acb71abbf

Comment by Mark Benvenuto [ 06/Aug/18 ]

dandv, there are two issues here:

  1. URLs only allow a subset of ASCII characters. Characters that are not allowed, like / (forward slash) and % (percent), must be escaped. See Percent-encoding for more information.
  2. Mongo shell has a bug: when it encounters "%j@" as a hex character, it returns an unclear error message.
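
Added example (not code from this ticket or from the MongoDB source): a self-contained C++ illustration of the two points in the comment above, percent-encoding a password before it goes into a connection URI, and decoding with an error return instead of an assertion when `%` is not followed by two hex digits. The names `percentEncode`, `percentDecode` and `hexValue` are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Value of one hex digit, or -1 if c is not a hex digit.
static int hexValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Percent-encode every byte outside the RFC 3986 "unreserved" set.
std::string percentEncode(const std::string& in) {
    static const char kDigits[] = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : in) {
        bool unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                          (c >= '0' && c <= '9') || c == '-' || c == '.' ||
                          c == '_' || c == '~';
        if (unreserved) {
            out += static_cast<char>(c);
        } else {
            out += '%';
            out += kDigits[c >> 4];
            out += kDigits[c & 0x0F];
        }
    }
    return out;
}

// Decode percent-escapes; return false, not an assertion, on a malformed escape.
bool percentDecode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (in.size() - i < 3) return false;           // truncated escape
        int hi = hexValue(in[i + 1]), lo = hexValue(in[i + 2]);
        if (hi < 0 || lo < 0) return false;            // non-hex, e.g. "%j@"
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}

int main() {
    std::string decoded;  // password from the report, then its raw form as URI userinfo
    std::cout << percentEncode("K+4,%j") << " " << percentDecode("K+4,%j@", decoded) << "\n";
}
```
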