[SERVER-68836] Properly handle NaN and 0 for LDAPTimeoutMS Created: 15/Aug/22 Updated: 29/Oct/23 Resolved: 12/Nov/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.19, 5.0.15, 6.0.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Varun Ravichandran | Assignee: | Varun Ravichandran |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v6.0, v5.0, v4.4, v4.2 |
| Sprint: | Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14 |
| Participants: | |
| Linked BF Score: | 138 |
| Description |
|
When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library. We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer. |
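The numeric half of the check the description asks for, as an added example that is not MongoDB's code: it rejects NaN, infinities and out-of-range values while the value is still a double, so the narrowing cast never sees an input for which it is undefined. The names `coerceTimeoutMS` and `CoerceStatus` and the `minAllowed` parameter are hypothetical; whether a zero timeout is accepted is left to the caller.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical names; constructed for illustration, not taken from MongoDB.
enum class CoerceStatus { kOk, kNotFinite, kOutOfRange };

// Validate a double-valued setting before narrowing it to int.
// static_cast<int>() of NaN, +/-infinity, or a value outside int's range is
// undefined behavior in C++, so every check happens in the double domain first.
// minAllowed is an assumed policy knob: pass 1 to also refuse a zero timeout.
CoerceStatus coerceTimeoutMS(double raw, int minAllowed, int* out) {
    if (!std::isfinite(raw)) {
        return CoerceStatus::kNotFinite;  // NaN and +/-infinity
    }
    if (raw < static_cast<double>(minAllowed) ||
        raw > static_cast<double>(std::numeric_limits<int>::max())) {
        return CoerceStatus::kOutOfRange;
    }
    *out = static_cast<int>(raw);  // well defined here; truncates toward zero
    return CoerceStatus::kOk;
}

const char* statusName(CoerceStatus s) {
    switch (s) {
        case CoerceStatus::kOk: return "ok";
        case CoerceStatus::kNotFinite: return "rejected: not finite";
        default: return "rejected: out of range";
    }
}

int main() {
    // Constructed sample inputs.
    const double samples[] = {std::nan(""), -1.0, 0.0, 10000.0, 2147483648.0,
                              std::numeric_limits<double>::infinity()};
    for (double raw : samples) {
        int value = -1;  // stays untouched unless the input is accepted
        CoerceStatus s = coerceTimeoutMS(raw, /*minAllowed=*/0, &value);
        std::printf("%g -> %s (value=%d)\n", raw, statusName(s), value);
    }
    return 0;
}
```

Because the outcome no longer depends on what the hardware conversion instruction does with NaN, the same input is rejected on x86 and ARM alike.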
| Comments |
| Comment by Githook User [ 28/Jan/23 ] |
|
Author: {'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'} Message: (cherry picked from commit 7da7e4bbc1af5b731a87da14538059ea1e2794cb) |
| Comment by Githook User [ 26/Jan/23 ] |
|
Author: {'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'} Message: (cherry picked from commit 7da7e4bbc1af5b731a87da14538059ea1e2794cb) |
| Comment by Varun Ravichandran [ 18/Jan/23 ] |
|
The issue fixed in this ticket exists in the following branches:
6.0: https://github.com/10gen/mongo-enterprise-modules/blob/v6.0/src/ldap/ldap_runtime_parameters.cpp#L46
5.0: https://github.com/10gen/mongo-enterprise-modules/blob/v5.0/src/ldap/ldap_runtime_parameters.cpp#L47
4.4: https://github.com/10gen/mongo-enterprise-modules/blob/v4.4/src/ldap/ldap_runtime_parameters.cpp#L47
4.2: https://github.com/10gen/mongo-enterprise-modules/blob/v4.2/src/ldap/ldap_runtime_parameters.cpp#L48
The JS test fuzzer has also detected this issue in 5.0, resulting in a hot BF: https://jira.mongodb.org/browse/BF-27492. Backporting this PR will ensure that the bug fix is present on all supported LTS releases and will address the BF.
|
| Comment by Githook User [ 11/Nov/22 ] |
|
Author: {'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'} Message: |