[SERVER-68836] Properly handle NaN and 0 for LDAPTimeoutMS Created: 15/Aug/22  Updated: 29/Oct/23  Resolved: 12/Nov/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.4.19, 5.0.15, 6.0.5

Type: Bug Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
is related to SERVER-68309 Investigate for unsafe narrowing conv... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v6.0, v5.0, v4.4, v4.2
Sprint: Security 2022-09-19, Security 2022-10-03, Security 2022-10-17, Security 2022-10-31, Security 2022-11-14
Participants:
Linked BF Score: 138

 Description   

When a non-numeric value is specified for ldapTimeoutMS via setParameter, the double-to-int type coercion will result in undefined behavior depending on the processor architecture. For x86 systems, NaN was converted into the most negative integral value, which worked out fine here as we explicitly prevent values below 0. On ARM/Graviton systems, NaN gets converted to 0, which would be set. When connection pooling is disabled, the timeout is enforced by the system LDAP library. 

We should explicitly check for `NaN`/non-numeric types in the BSONElement's value and reject them before attempting to coerce it into an integer. 
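An added example, not the code from the MongoDB fix: one way to reject NaN and out-of-range doubles before the double-to-int conversion described above, so the result no longer depends on the processor. The names `parseTimeoutMS`, `ParseError` and `ParsedTimeout` are hypothetical, and accepting 0 is an assumption (the ticket only states that values below 0 are rejected).

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical helper (not MongoDB's implementation).
enum class ParseError { kNone, kNotANumber, kNegative, kOutOfRange };

struct ParsedTimeout {
    ParseError error;
    int value;  // meaningful only when error == ParseError::kNone
};

ParsedTimeout parseTimeoutMS(double raw) {
    // NaN compares false against everything, so `raw < 0` alone lets it
    // through; it must be tested explicitly, before any cast.
    if (std::isnan(raw)) return {ParseError::kNotANumber, 0};

    // Validate the double itself rather than the int produced by the cast.
    // -infinity is caught here as well.
    if (raw < 0) return {ParseError::kNegative, 0};

    // Casting a double that does not fit in int is undefined behavior.
    // INT_MAX is exactly representable as a double for 32-bit int, so the
    // comparison is exact. +infinity is caught here.
    constexpr double kMax =
        static_cast<double>(std::numeric_limits<int>::max());
    if (raw > kMax) return {ParseError::kOutOfRange, 0};

    // 0 <= raw <= INT_MAX: the cast is defined and truncates toward zero.
    // Assumption: 0 is accepted; add a lower bound here if policy forbids it.
    return {ParseError::kNone, static_cast<int>(raw)};
}

int main() {
    // Constructed sample inputs.
    const double samples[] = {std::numeric_limits<double>::quiet_NaN(),
                              -1.0, 0.0, 10000.7, 1e12};
    for (double s : samples) {
        ParsedTimeout r = parseTimeoutMS(s);
        std::printf("%g -> error=%d value=%d\n", s,
                    static_cast<int>(r.error), r.value);
    }
    return 0;
}
```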



 Comments   
Comment by Githook User [ 28/Jan/23 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-68836: Prevent out of bound doubles and NaN from ldapTimeoutMS and ldapRetrySetting

(cherry picked from commit 7da7e4bbc1af5b731a87da14538059ea1e2794cb)
(cherry picked from commit 8793748b5b69e1521aa4da58ae671ad3027af559)
Branch: v5.0
https://github.com/10gen/mongo-enterprise-modules/commit/3420e3058b9a0001378186d01c4251112b056e8f

Comment by Githook User [ 26/Jan/23 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-68836: Prevent out of bound doubles and NaN from ldapTimeoutMS and ldapRetrySetting

(cherry picked from commit 7da7e4bbc1af5b731a87da14538059ea1e2794cb)
Branch: v6.0
https://github.com/10gen/mongo-enterprise-modules/commit/8793748b5b69e1521aa4da58ae671ad3027af559

Comment by Varun Ravichandran [ 18/Jan/23 ]

The issue fixed in this ticket exists in the following branches:

6.0: https://github.com/10gen/mongo-enterprise-modules/blob/v6.0/src/ldap/ldap_runtime_parameters.cpp#L46

5.0: https://github.com/10gen/mongo-enterprise-modules/blob/v5.0/src/ldap/ldap_runtime_parameters.cpp#L47

4.4: https://github.com/10gen/mongo-enterprise-modules/blob/v4.4/src/ldap/ldap_runtime_parameters.cpp#L47

4.2: https://github.com/10gen/mongo-enterprise-modules/blob/v4.2/src/ldap/ldap_runtime_parameters.cpp#L48

The JS test fuzzer has also detected this issue in 5.0, resulting in a hot BF: https://jira.mongodb.org/browse/BF-27492. Backporting this PR will ensure that the bug fix is present on all supported LTS releases and will address the BF.

 

Comment by Githook User [ 11/Nov/22 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-68836: Prevent out of bound doubles and NaN from ldapTimeoutMS and ldapRetrySetting
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/7da7e4bbc1af5b731a87da14538059ea1e2794cb
