[SERVER-65033] Invalid currentOp commands are run without validation Created: 29/Mar/22 Updated: 06/Apr/23 Resolved: 06/Apr/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 5.0.6 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Kevin Mas Ruiz | Assignee: | Michael Gargiulo |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Description |
|
It seems that the server is not validating the format of the currentOp command, thus sometimes resolving to an unexpected behaviour for the client. The behaviour is easily reproducible using pymongo 4.0.2 and mongo 5.0.6 as follows: 1. Start a new mongod instance and insert some sample data. 2. Run the following Python snippet:
3. See there are a few operations that ran. 4. Run the following Python snippet, now with an invalid command format.
5. It should show similar results to the previous run, even if the $gt filter is ignored (the format of the command is invalid). What the server received is an invalid command with the following format
And the behaviour seems to run the currentOp command without filters. |
| Comments |
| Comment by Spencer Jackson [ 08/Apr/22 ] |
|
My apologies, the above two commits were backports intended to be labelled as |
| Comment by Githook User [ 08/Apr/22 ] |
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}Message: (cherry picked from commit f909fbe1731e0e04a3a4e48edc032530ac6499ea) |
| Comment by Githook User [ 08/Apr/22 ] |
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}Message: (cherry picked from commit f909fbe1731e0e04a3a4e48edc032530ac6499ea) |