[SERVER-68157] AuditEncryptionCompressionManager::encryptAndEncode should emit big BSON Created: 19/Jul/22 Updated: 29/Oct/23 Resolved: 25/Aug/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.0.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Adam Rayner |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: |
v6.1, v6.0
|
||||
| Sprint: | Security 2022-08-08, Security 2022-08-22, Security 2022-09-05 | ||||
| Participants: | |||||
| Description |
|
BSON objects rendered into the audit log are permitted to exceed the 16MB size threshold. This requirement arises from the need to audit network requests which can exceed the object size. In order to override BSON size limits, template trait overrides can be passed to key serialization methods. AuditEncryptionCompressionManager::encryptAndEncode invokes BSONObjBuilder::obj without providing a trait. That means, we may attempt to encrypt big inputs, but enforce the 16MB limit on the size of the ciphertext. |
| Comments |
| Comment by Githook User [ 05/Oct/22 ] |
|
Author: {'name': 'Adam Rayner', 'email': 'adam.rayner@gmail.com'}Message: |
| Comment by Githook User [ 05/Oct/22 ] |
|
Author: {'name': 'Adam Rayner', 'email': 'adam.rayner@gmail.com'}Message: |