[SERVER-7005] Documents containing keys with embedded null characters can be created

Created: 11/Sep/12 Updated: 17/Nov/16 Resolved: 21/Apr/16

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | None |
| Fix Version/s: | 2.6.13, 3.0.12, 3.2.6, 3.3.5 |
| Type: | Improvement | Priority: | Critical - P2 |
| Reporter: | Jeffrey Yemin | Assignee: | David Storch |
| Resolution: | Done | Votes: | 3 |
| Labels: | code-and-test |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Backport Completed: | |
| Sprint: | Query 13 (04/22/16) |
| Participants: | |
| Linked BF Score: | 0 |
| Description |
|
Depending on where the null characters appear and how many of them there are, you get different errors. Here's one reproducible case using Java:
The insert returns normally, but the call to findOne throws an exception:
and validate fails as well:
|
| Comments |
| Comment by Githook User [ 22/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: Manually cherry-picked from 33471d4424d
| Comment by Githook User [ 22/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: Manually cherry-picked from 75f24a26015
| Comment by Githook User [ 22/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: (cherry picked from commit 33471d4424dd81e5310b27867ecb3647c60cf7a4) Conflicts:
| Comment by Githook User [ 22/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: (cherry picked from commit 75f24a26015566ce5458887de1431d2458ff7fd3)
| Comment by Githook User [ 21/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: (cherry picked from commit 33471d4424dd81e5310b27867ecb3647c60cf7a4)
| Comment by Githook User [ 21/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message: (cherry picked from commit 75f24a26015566ce5458887de1431d2458ff7fd3)
| Comment by Githook User [ 21/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message:
| Comment by Githook User [ 21/Apr/16 ] |
|
Author: David Storch (dstorch) <david.storch@10gen.com>
Message:
| Comment by Thomas Rueckstiess [ 24/Oct/12 ] |
|
This is because the key ename uses a regular (null-terminated) cstring in the BSON specifications. If it contains an (additional) null character, this is indistinguishable from the string ending there, but the pointer is advanced by a wrong offset and the following bytes don't match the expected values anymore (hence we get "bad type" errors). The same is true for BSON type 11 (Reg. Expressions), the only other use of cstring in BSON. Inserting a regular expression containing a null character inserts a corrupted BSON document:
This works without warning, but the database now contains a corrupted document. I don't see how this can be repaired once the BSON is encoded with the corruption. Therefore, all drivers need to make sure that they do not allow insertion of null characters in key names and regex expressions. The Python driver does this already, so does the JavaScript shell:
|
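The cstring problem described in the last comment, as an added example that is not part of the original issue and is not code from the MongoDB server or any driver. `check_cstring`, `encode_document` and `decode_document` are hypothetical names for a minimal encoder and decoder that handle only string-valued fields; the sample documents are constructed. The same `check_cstring` call would apply to regex patterns and options, which are also cstrings.

```python
import struct

def check_cstring(value: str, what: str) -> None:
    # BSON cstrings (element names, regex pattern/options) end at the first NUL.
    if "\x00" in value:
        raise ValueError("%s %r contains a NUL character" % (what, value))

def encode_document(fields: dict, check_keys: bool = True) -> bytes:
    # Hypothetical minimal encoder: string values (BSON type 0x02) only.
    body = b""
    for key, value in fields.items():
        if check_keys:
            check_cstring(key, "key")
        raw = value.encode("utf-8") + b"\x00"
        body += b"\x02" + key.encode("utf-8") + b"\x00"
        body += struct.pack("<i", len(raw)) + raw
    return struct.pack("<i", len(body) + 5) + body + b"\x00"

def decode_document(data: bytes) -> dict:
    # Hypothetical minimal decoder for the same subset, with bounds checks.
    (total,) = struct.unpack_from("<i", data, 0)
    if total != len(data) or data[-1] != 0:
        raise ValueError("bad document length")
    pos, out = 4, {}
    while pos < total - 1:
        if data[pos] != 0x02:
            raise ValueError("bad type 0x%02x at offset %d" % (data[pos], pos))
        end = data.index(b"\x00", pos + 1)  # name stops at the FIRST NUL
        key = data[pos + 1:end].decode("utf-8")
        if end + 5 > total - 1:
            raise ValueError("truncated element %r" % key)
        (slen,) = struct.unpack_from("<i", data, end + 1)
        start = end + 5
        if slen < 1 or start + slen > total - 1:
            raise ValueError("bad string length %d for key %r" % (slen, key))
        out[key] = data[start:start + slen - 1].decode("utf-8")
        pos = start + slen
    return out

if __name__ == "__main__":
    print(decode_document(encode_document({"a": "x"})))  # constructed sample
    corrupt = encode_document({"a\x00b": "x"}, check_keys=False)
    try:
        decode_document(corrupt)
    except ValueError as exc:
        print("decoder rejected document:", exc)
```

With the check disabled, the key `a\x00b` is read back as `a`, and the decoder then interprets the leftover `b\x00` plus the first bytes of the real length field as the string length, so which error appears depends on where the NUL sits.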