[SERVER-59071] Using $sample can trigger invariant when connecting directly to shards Created: 03/Aug/21 Updated: 29/Oct/23 Resolved: 11/Aug/21 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 5.0.2 |
| Fix Version/s: | 5.0.3, 5.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Randolph Tan | Assignee: | Eric Cox (Inactive) |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v5.0 |
| Sprint: | QE 2021-08-09, QE 2021-08-23 |
| Case: | (copied to CRM) |
| Linked BF Score: | 176 |
| Description |
|
CVE-2021-32037 Title CVE ID Description An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. CVSS score Affected versions CWE Underlying operating systems affected How the issue was reported: External Reference link (server ticket) |
| Comments |
| Comment by Randolph Tan [ 06/Apr/22 ] |
|
aju.raju@bnymellon.com This issue didn't exist before v5.0 |
| Comment by Aju Raju [ 06/Apr/22 ] |
|
Is this addressed in any MongoDB version prior to v5.0 (i.e.: v4.2)? |
| Comment by Githook User [ 12/Aug/21 ] |
|
Author: {'name': 'Eric Cox', 'email': 'eric.cox@mongodb.com', 'username': 'ericox'} Message: (cherry picked from commit f3604b901d688c194de5e430c7fbab060c9dc8e0) |
| Comment by Githook User [ 11/Aug/21 ] |
|
Author: {'name': 'Eric Cox', 'email': 'eric.cox@mongodb.com', 'username': 'ericox'} Message: |
| Comment by Githook User [ 10/Aug/21 ] |
|
Author: {'name': 'Eric Cox', 'email': 'eric.cox@mongodb.com', 'username': 'ericox'} Message: Revert " This reverts commit f3e8bfb0ea52ae167e097f3f3fd9bf183e6b4a8a. |
| Comment by Githook User [ 10/Aug/21 ] |
|
Author: {'name': 'Eric Cox', 'email': 'eric.cox@mongodb.com', 'username': 'ericox'} Message: |
| Comment by Eric Cox (Inactive) [ 06/Aug/21 ] |
|
The fix is pretty simple here and it uses what kaloian.manassiev suggests to only try to get the shardFilterer if we have already checked that the collection is sharded via CollectionShardingState::getCollectionDescription()->isSharded(). When we direct connect to a shard and try a $sample in an agg pipeline, $sample will now run as if we are running $sample against a single node mongod.
|
| Comment by Kaloian Manassiev [ 05/Aug/21 ] |
|
Just want to add here that it is the responsibility of $sample to not try to use the orphan filter, if it is not run on a sharded collection. When directly connecting to a shard or executing as a replica set, all collections are unsharded for all intents and purposes. So I am passing this ticket to the Query Execution team. The fix would be to use CollectionShardingState::getCollectionDescription()->isSharded() before deciding to attach the orphan filtering stage. |
| Comment by Randolph Tan [ 03/Aug/21 ] |
|
Note: based on my testing, mongos attaches version (0, 0) for unsharded collections, so it doesn't hit this invariant when using $sample on them. |
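The guard described in the comments above, as a small C++ model added here for illustration; it is not MongoDB source and not the committed patch. It assumes the invariant fires when an operation carries no shard version (inferred from the note that mongos attaches (0, 0)) and that such operations are described as unsharded; every name other than `getCollectionDescription()` and `isSharded()` is hypothetical.

```cpp
// Constructed model of the check described in the comments; not MongoDB source.
// Every name except getCollectionDescription()/isSharded() is hypothetical.
#include <cstdio>
#include <stdexcept>

struct Request { bool versioned; int majorV; int minorV; };  // shard version, if attached

const Request kDirectToShard   = {false, 0, 0};  // client connected straight to a shard
const Request kMongosUnsharded = {true, 0, 0};   // mongos attaches (0, 0) when unsharded
const Request kMongosSharded   = {true, 5, 0};   // constructed non-zero version

struct CollectionDescription {
    bool sharded;
    bool isSharded() const { return sharded; }
};

// Assumption: an operation with no version, or with (0, 0), is described as unsharded.
CollectionDescription getCollectionDescription(const Request& r) {
    return {r.versioned && (r.majorV != 0 || r.minorV != 0)};
}

// Assumption: the invariant fires when the operation carries no shard version.
// The model throws; the real server exits.
void getShardFilterer(const Request& r) {
    if (!r.versioned) throw std::logic_error("invariant: operation has no shard version");
}

enum class Plan { SampleWithOrphanFilter, SamplePlain };

// Before the fix: $sample asks for the filterer unconditionally.
Plan planSampleUnguarded(const Request& r) {
    getShardFilterer(r);
    return Plan::SampleWithOrphanFilter;
}

// After the fix: ask only once the collection is known to be sharded.
Plan planSampleGuarded(const Request& r) {
    if (!getCollectionDescription(r).isSharded()) return Plan::SamplePlain;
    getShardFilterer(r);
    return Plan::SampleWithOrphanFilter;
}

bool tripsInvariant(Plan (*planner)(const Request&), const Request& r) {
    try { planner(r); return false; } catch (const std::logic_error&) { return true; }
}

int main() {
    std::printf("unguarded, direct: %d\n", tripsInvariant(planSampleUnguarded, kDirectToShard));
    std::printf("guarded, direct:   %d\n", tripsInvariant(planSampleGuarded, kDirectToShard));
    return 0;
}
```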