[SERVER-9878] Add safety checks to V8 C++ bindings
Created: 07/Jun/13
Updated: 07/Jun/17
Resolved: 17/Jun/13

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 2.4.4
Fix Version/s: 2.4.5, 2.5.1

Type: Bug
Priority: Major - P3
Reporter: Mathias Stearn
Assignee: Mathias Stearn
Resolution: Done
Votes: 0
Labels: asp, asp-cve, asp-sdl-internal, asp-vuln-mem
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-9582 V8 allows DBRef() with no arguments Closed
Related
Backwards Compatibility: Minor Change
Operating System: ALL
Participants:

Comments
Comment by auto [ 19/Jun/13 ]

Author: Mathias Stearn (RedBeard0531) <mathias@10gen.com>

Message: SERVER-9878 Add type checks to V8 C++ bindings

The main focus of this ticket is tightening up input validation in
our V8 bindings. Doing this required normalizing the way we create
custom types in JS that have special C++-driven behavior. All special
types now use FunctionTemplates that are attached to the V8Scope object.
This allows us to test if an object is of the correct type before using
it.

Other related tickets partially addressed:
SERVER-8961 Differences in argument validation of custom types between v8 and Spidermonkey
SERVER-9803 Handle regular expression parse errors without seg faulting

Conflicts:

jstests/constructors.js
src/mongo/scripting/engine_v8.cpp
Branch: v2.4
https://github.com/mongodb/mongo/commit/7c1b35e0b2cc69c93074c6d1d76879b3ed525f56

Comment by auto [ 17/Jun/13 ]

Author: Mathias Stearn (RedBeard0531) <mathias@10gen.com>

Message: SERVER-9878 Add type checks to V8 C++ bindings

The main focus of this ticket is tightening up input validation in
our V8 bindings. Doing this required normalizing the way we create
custom types in JS that have special C++-driven behavior. All special
types now use FunctionTemplates that are attached to the V8Scope object.
This allows us to test if an object is of the correct type before using
it.

Other related tickets partially addressed:
SERVER-8961 Differences in argument validation of custom types between v8 and Spidermonkey
SERVER-9803 Handle regular expression parse errors without seg faulting
Branch: master
https://github.com/mongodb/mongo/commit/fda4a2342614e4ca1fb26c868a5adef0e050eb5e
