[SERVER-45584] Validate writeConcern.w Created: 15/Jan/20 Updated: 29/Oct/23 Resolved: 31/Jan/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.3, 4.3.4 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Benjamin Caimano (Inactive) | Assignee: | Amirsaman Memaripour |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | bson, save-for-sam | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||
| Sprint: | Service Arch 2020-02-10 | ||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||
| Linked BF Score: | 95 | ||||||||||||||||||||||||||||
| Description |
|
We attempt to use numberInt() to load integers from the wire here and here. Both of these should be safeNumberLong() calls instead. The wNumNodes value should also be validated against the maximum amount of nodes in a replica set before it gets downcasted to int. |
| Comments |
| Comment by Ratika Gandhi [ 31/Jan/20 ] | |||||||||
|
Closing this ticket to avoid any future confusion over the fixVersions of commits related to this ticket. I have cloned the ticket details in | |||||||||
| Comment by Eric Milkie [ 29/Jan/20 ] | |||||||||
|
Note that this was released in 4.3.3 but was reverted in this same ticket for 4.3.4. Sorry for the confusion. The reversion should have been done in a separate ticket since this change was released downstream. | |||||||||
| Comment by Kevin Albertson [ 29/Jan/20 ] | |||||||||
|
Should this be reopened? The change was released on 4.3.3 but reverted on master. The difference of error reporting broke one test in the C driver, which was testing the server validation of a user passing w:99. It is a small change to fix our test, but I'll watch this ticket for updates in case the revert is released. | |||||||||
| Comment by Githook User [ 29/Jan/20 ] | |||||||||
|
Author: {'name': 'Amirsaman Memaripour', 'email': 'amirsaman.memaripour@10gen.com'}Message: Revert | |||||||||
| Comment by Dianna Hohensee (Inactive) [ 29/Jan/20 ] | |||||||||
|
It appears that this commit has broken my compile with opt=off. The write_concern_options.cpp file is using repl_set_config.h, but does not link it. However, introducing repl_set_config.cpp to the SCons library for write_concern_options.cpp creates a dependency cycle, like so:
| |||||||||
| Comment by Githook User [ 28/Jan/20 ] | |||||||||
|
Author: {'email': 'amirsaman.memaripour@10gen.com', 'name': 'Amirsaman Memaripour'}Message: | |||||||||
| Comment by Kevin Pulo [ 15/Jan/20 ] | |||||||||
|
By all means make sure that the w field is a number, int, long, or string. But you can't validate it against the number of nodes, because:
|