<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-211] Use of uninitialized memory within the mongo_read_response function.</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-211</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>

&lt;p&gt;Use of uninitialized value on the stack (len).  Fix is included.  Hope to see this added&lt;/p&gt;

&lt;p&gt;==4699== Thread 14:&lt;br/&gt;
==4699== Conditional jump or move depends on uninitialised value(s)&lt;br/&gt;
==4699==    at 0x5DFE700: mongo_read_response (mongo.c:329)&lt;br/&gt;
==4699==    by 0x5DFEE7E: mongo_cursor_op_query (mongo.c:1206)&lt;br/&gt;
==4699==    by 0x5DFF3CC: mongo_cursor_next (mongo.c:1371)&lt;br/&gt;
==4699==    by 0x5DFF4CC: mongo_find_one (mongo.c:1314)&lt;br/&gt;
==4699==    by 0x5DFF5FA: mongo_run_command (mongo.c:1578)&lt;br/&gt;
==4699==    by 0x5DFF85C: mongo_simple_int_command (mongo.c:1614)&lt;br/&gt;
==4699==    by 0x5DFFB80: mongo_check_is_master (mongo.c:388)&lt;br/&gt;
==4699==    by 0x5DFFCDF: mongo_client (mongo.c:438)&lt;br/&gt;
==4699==    by 0x417E49: HawkMongoPersistentConnect (hawk-mongo-persistent.c:169)&lt;br/&gt;
==4699==    by 0x4181B4: HawkMongoPopulateList (hawk-mongo-persistent.c:79)&lt;br/&gt;
==4699==    by 0x408CE3: ModulesSensorReload (hawk-modules-reload.c:181)&lt;br/&gt;
==4699==    by 0x8F6F850: start_thread (in /lib64/libpthread-2.12.so)&lt;br/&gt;
==4699==  Uninitialised value was created by a stack allocation&lt;br/&gt;
==4699==    at 0x5DFE6B0: mongo_read_response (mongo.c:317)&lt;br/&gt;
==4699==&lt;/p&gt;


&lt;p&gt;Issue code:&lt;/p&gt;

&lt;p&gt;static int mongo_read_response( mongo *conn, mongo_reply **reply ) {&lt;br/&gt;
    mongo_header head; /* header from network */&lt;br/&gt;
    mongo_reply_fields fields; /* header from network */&lt;br/&gt;
    mongo_reply *out;  /* native endian */&lt;br/&gt;
    unsigned int len;&lt;br/&gt;
    int res;&lt;/p&gt;

&lt;p&gt;    mongo_env_read_socket( conn, &amp;amp;head, sizeof( head ) );&lt;br/&gt;
    mongo_env_read_socket( conn, &amp;amp;fields, sizeof( fields ) );&lt;/p&gt;

&lt;p&gt;    bson_little_endian32( &amp;amp;len, &amp;amp;head.len );&lt;/p&gt;



&lt;p&gt;Fixed code:&lt;/p&gt;

&lt;p&gt;static int mongo_read_response( mongo *conn, mongo_reply **reply ) {&lt;br/&gt;
    mongo_header head; /* header from network */&lt;br/&gt;
    mongo_reply_fields fields; /* header from network */&lt;br/&gt;
    mongo_reply *out;  /* native endian */&lt;br/&gt;
    unsigned int len=0;&lt;br/&gt;
    int res;&lt;/p&gt;

&lt;p&gt;    mongo_env_read_socket( conn, &amp;amp;head, sizeof( head ) );&lt;br/&gt;
    mongo_env_read_socket( conn, &amp;amp;fields, sizeof( fields ) );&lt;/p&gt;

&lt;p&gt;    bson_little_endian32( &amp;amp;len, &amp;amp;head.len );&lt;/p&gt;


&lt;p&gt;--------------------------------------------------------------------&lt;/p&gt;

&lt;p&gt;&amp;#8212; src/mongo.c 2013-04-26 14:59:47.791595035 -0500&lt;br/&gt;
+++ src/mongo.c.fix     2013-04-26 15:00:04.344604104 -0500&lt;br/&gt;
@@ -318,7 +318,7 @@&lt;br/&gt;
     mongo_header head; /* header from network */&lt;br/&gt;
     mongo_reply_fields fields; /* header from network */&lt;br/&gt;
     mongo_reply &lt;b&gt;out;  /&lt;/b&gt; native endian */&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;unsigned int len;&lt;br/&gt;
+    unsigned int len=0;&lt;br/&gt;
     int res;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;     mongo_env_read_socket( conn, &amp;amp;head, sizeof( head ) );&lt;/p&gt;
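Review bot: Initialising `len` on the changed line does not remove the uninitialised read, because `bson_little_endian32` (shown in the listing above, outside this hunk) overwrites `len` with `head.len`, and `head` is only filled if the first `mongo_env_read_socket` call succeeds. Both reads discard their result, so a failed or short read leaves `head` and `fields` holding stack contents that are then treated as a reply length from the network; that is presumably what the conditional at mongo.c:329 in the Valgrind trace depends on. Assuming `mongo_env_read_socket` reports failure through its return value, store each call's result in the already-declared `res` and return before the byte swap, e.g. `if ( res != MONGO_OK ) return res;` after each read. The function body continues past the end of the hunk, so any later range check on `len` is not visible here and should be confirmed as well.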
</description>
                <environment></environment>
        <key id="73284">CDRIVER-211</key>
            <summary>Use of uninitialized memory within the mongo_read_response function.</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="1" iconUrl="https://jira.mongodb.org/images/icons/priorities/blocker.svg">Blocker - P1</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="gjmurakami">Gary Murakami</assignee>
                                    <reporter username="redsand">Tim Shelton</reporter>
                        <labels>
                            <label>corrupt</label>
                            <label>crash</label>
                    </labels>
                <created>Fri, 26 Apr 2013 20:02:02 +0000</created>
                <updated>Wed, 3 May 2017 22:14:10 +0000</updated>
                            <resolved>Thu, 8 Aug 2013 18:24:30 +0000</resolved>
                                    <version>0.7.1</version>
                                                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="398844" author="gjmurakami" created="Thu, 8 Aug 2013 18:23:53 +0000"  >&lt;p&gt;Agreed, fixed by &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-199&quot; title=&quot;Socket reads not checked for IO errors, e.g. timeouts&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-199&quot;&gt;&lt;del&gt;CDRIVER-199&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="373893" author="paulmelnikow" created="Thu, 4 Jul 2013 02:07:27 +0000"  >&lt;p&gt;Looks like it was fixed in this commit:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/32875065e9743869742d7510263cdcd7de14aa61&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/32875065e9743869742d7510263cdcd7de14aa61&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="373883" author="redsand" created="Thu, 4 Jul 2013 01:51:14 +0000"  >
&lt;p&gt;Yes; however, if the read from the socket fails, then bson_little_endian32 fails when writing the len value, so len is left with an undefined value and execution continues.&lt;/p&gt;

&lt;p&gt;Valgrind doesn&apos;t lie.  I&apos;m just reporting what I find.&lt;/p&gt;

&lt;p&gt;Tim&lt;/p&gt;

&lt;p&gt;CTO&lt;br/&gt;
HAWK Network Defense, Inc.&lt;br/&gt;
1.888.919.4295 (HAWK) x 1337&lt;br/&gt;
214.810.4295 (HAWK)&lt;br/&gt;
tshelton@hawkdefense.com&lt;/p&gt;
</comment>
                            <comment id="373877" author="paulmelnikow" created="Thu, 4 Jul 2013 01:39:51 +0000"  >&lt;p&gt;This fix doesn&apos;t make sense. The call to bson_little_endian32 writes to len; it doesn&apos;t depend on the value of len.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
    </item>
</channel>
</rss>