[SERVER-76665] Abort compaction operation if EmuBinary returns 0 for both positions Created: 28/Apr/23 Updated: 29/Oct/23 Resolved: 01/May/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0, 7.0.0-rc1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: | v7.0 | ||||
| Sprint: | Security 2023-05-01, Security 2023-05-15 | ||||
| Participants: | |||||
| Description |
|
During compaction (and cleanup by extension), it should be considered an error when EmuBinary returns (0, 0) for the a1 and a2 positions respectively, because this can mean any of the following invalid conditions:

Cases 2 & 3 can only happen if there is a corruption of the QE state collections that has already occurred prior to the compaction operation. Case 1 can occur any time a client sends invalid compaction tokens in a compactStructuredEncryptionData command.

Since the compaction algorithm may delete from the ESC regardless of whether something was compacted, this destructive part of the algorithm should never be executed if any of the above 3 cases is possible. Therefore, the entire compaction operation MUST abort if any call to EmuBinary returns (0,0). |
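The abort rule from the Description, sketched as an added example; it is not code from the MongoDB server or from this ticket. It is a toy model: ToyEsc, Positions, emuBinaryModel, compactUnchecked and compactChecked are hypothetical names, and the only modelled cause of (0, 0) is a token that matches nothing in the state.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy model: every name here is hypothetical, none is MongoDB server code.
struct Positions { uint64_t a1; uint64_t a2; };
struct ToyEsc {
    std::map<std::string, Positions> found;  // what the search yields per token
    std::set<uint64_t> records;              // what the destructive step removes
};
enum class Status { kCompacted, kAborted };

// Stand-in for EmuBinary: (0, 0) when the token matches nothing in the state.
Positions emuBinaryModel(const ToyEsc& esc, const std::string& token) {
    auto it = esc.found.find(token);
    return it == esc.found.end() ? Positions{0, 0} : it->second;
}

// Unchecked variant: a (0, 0) result is ignored and the delete still runs.
Status compactUnchecked(ToyEsc& esc, const std::vector<std::string>& tokens) {
    for (const auto& t : tokens) (void)emuBinaryModel(esc, t);
    esc.records.clear();
    return Status::kCompacted;
}

// Checked variant: look up every token first, abort on any (0, 0), then delete.
Status compactChecked(ToyEsc& esc, const std::vector<std::string>& tokens) {
    for (const auto& t : tokens) {
        Positions p = emuBinaryModel(esc, t);
        if (p.a1 == 0 && p.a2 == 0) return Status::kAborted;  // state untouched
    }
    esc.records.clear();
    return Status::kCompacted;
}

ToyEsc sampleEsc() {  // constructed sample state
    ToyEsc esc;
    esc.found["tokA"] = Positions{1, 4};
    esc.found["tokB"] = Positions{2, 7};
    esc.records = {10, 11, 12};
    return esc;
}

int main() {  // exit code 0 when the checked variant leaves the state intact
    ToyEsc esc = sampleEsc();
    Status s = compactChecked(esc, {"tokA", "not-a-real-token"});
    return (s == Status::kAborted && esc.records.size() == 3) ? 0 : 1;
}
```

The invalid token is placed last in the list to show that the check covers every token before the first delete, not only the first lookup.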
| Comments |
| Comment by Githook User [ 02/May/23 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}
Message: (cherry picked from commit a22b45eb8ae25dfbaae41921f242f484d9dec233) |
| Comment by Githook User [ 01/May/23 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}
Message: |