[SERVER-48621] [v4.4] userAllowedCreateNS() does not check the collection name length in FCV4.4 Created: 05/Jun/20  Updated: 29/Oct/23  Resolved: 09/Jun/20

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: 4.4.0-rc8
Fix Version/s: 4.4.0-rc9

Type: Bug Priority: Major - P3
Reporter: Gregory Wlodarek Assignee: Gregory Wlodarek
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-47836 Rollback multiversion fuzzer should s... Closed
Related
related to SERVER-51333 setFeatureCompatibilityVersion should... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

Here's a jstests/replsets repro:

 

(function() {
var name = "test";
 
var replSetTest = new ReplSetTest({name: name, nodes: 2});
replSetTest.startSet();
var hostnames = replSetTest.nodeList();
replSetTest.initiate({
    "_id": name,
    "members": [
        {"_id": 0, "host": hostnames[0], "priority": 2},
        {"_id": 1, "host": hostnames[1], priority: 0}
    ]
});
 
var master = replSetTest.getPrimary();
 
const db = master.getDB("test");
assert.commandWorked(db.createCollection("a"));
 
assert.commandFailedWithCode(db.adminCommand({renameCollection: "test.a", to: "test.111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"}), [ErrorCodes.IllegalOperation]);
 
assert.commandFailedWithCode(db.adminCommand({renameCollection: "test.a", to: "test2.111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"}), [ErrorCodes.IllegalOperation]);
 
replSetTest.stopSet();
}());

Sprint: Execution Team 2020-06-15
Participants:

 Description   

We have two different code paths where we check the collection name length.

DatabaseImpl::_checkCanCreateCollection() and userAllowedCreateNS().

The latter function only checks the collection namespace length when running in FCV 4.2, but performs no length checks for FCV 4.4. Renaming a collection within the same database goes through userAllowedCreateNS() as it only needs to modify the catalog's metadata and allows the opportunity to create a collection with a name > 255 characters.

 

To fix this, we should add the non-FCV namespace length check from _checkCanCreateCollection() into userAllowedCreateNS() too.



 Comments   
Comment by Githook User [ 08/Jun/20 ]

Author:

{'name': 'Gregory Wlodarek', 'email': 'gregory.wlodarek@mongodb.com', 'username': 'GWlodarek'}

Message: SERVER-48621 userAllowedCreateNS() should check the collection name length in FCV4.4
Branch: v4.4
https://github.com/mongodb/mongo/commit/9f2697e77352d9a9bda91d9ecc506ef7cf4eb362

Generated at Thu Feb 08 05:17:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.