[SERVER-56677] Coverity analysis defect 119556: Untrusted loop bound
Created: 05/May/21  Updated: 29/Oct/23  Resolved: 26/May/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.1.0-rc0

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Sara Golemon
Resolution: Fixed
Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-61494 Fix "mongod --shutdown" to check size... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2021-05-17, Security 2021-05-31
Participants:

 Description   

Untrusted loop bound

An attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source is used as a loop bound.
/src/mongo/db/mongod_main.cpp:892: TAINTED_SCALAR 119556 Calling function "operator >>" taints argument "pid".
/src/mongo/db/mongod_main.cpp:893: TAINTED_SCALAR 119556 Checking lower bounds of signed scalar "pid" by taking the true branch of "pid > 9999".



 Comments   
Comment by Vivian Ge (Inactive) [ 06/Oct/21 ]

Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you!

Comment by Githook User [ 26/May/21 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-56677 Refactor --shutdown handling
Branch: master
https://github.com/mongodb/mongo/commit/a07dc78e49c53de539dff92748334cd7fbe2e2a9

Generated at Thu Feb 08 05:39:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.