<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:31:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-13517] internal client should validate BSON responses</title>
                <link>https://jira.mongodb.org/browse/SERVER-13517</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;This was found on a 2.2 server but the defect still exists in master. The mongod was running a replica set heartbeat command against another node but received some corrupted BSON in the results. On closer inspection, it appears validateBSON is not called in this code path.&lt;/p&gt;

&lt;p&gt;Here&apos;s a demangled stack trace:&lt;/p&gt;

&lt;p&gt;... &lt;span class=&quot;error&quot;&gt;&amp;#91;rsHealthPoll&amp;#93;&lt;/span&gt; Assertion: 10320:BSONElement: bad type -51&lt;br/&gt;
0xaffd31 0xac5eb9 0x57105b 0x5a631d 0x592ac6 0x5a86e7 0x5a8b51 0x94f5c5 0x9555c2 0x955dd8 0xacd6ce 0xac8dfe 0xaca444 0xb45ba9 0x7f3ae7921e9a 0x7f3ae6c36dbd &lt;br/&gt;
 /usr/bin/mongod(mongo::printStackTrace(std::basic_ostream&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;&amp;amp;)+0x21) &lt;span class=&quot;error&quot;&gt;&amp;#91;0xaffd31&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::msgasserted(int, char const*)+0x99) &lt;span class=&quot;error&quot;&gt;&amp;#91;0xac5eb9&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::BSONElement::size() const+0x1cb) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x57105b&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::BSONObj::getField(mongo::StringData const&amp;amp;) const+0x7d) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x5a631d&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::DBClientWithCommands::isOk(mongo::BSONObj const&amp;amp;)+0x26) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x592ac6&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::DBClientWithCommands::runCommand(std::basic_string&amp;lt;char, std::char_traits&amp;lt;char&amp;gt;, std::allocator&amp;lt;char&amp;gt; &amp;gt; const&amp;amp;, mongo::BSONObj const&amp;amp;, mongo::BSONObj&amp;amp;, int, mongo::AuthenticationTable const*)+0x2f7) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x5a86e7&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::DBClientConnection::runCommand(std::basic_string&amp;lt;char, std::char_traits&amp;lt;char&amp;gt;, std::allocator&amp;lt;char&amp;gt; &amp;gt; const&amp;amp;, mongo::BSONObj const&amp;amp;, mongo::BSONObj&amp;amp;, int, mongo::AuthenticationTable const*)+0x11) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x5a8b51&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::requestHeartbeat(std::basic_string&amp;lt;char, std::char_traits&amp;lt;char&amp;gt;, std::allocator&amp;lt;char&amp;gt; &amp;gt;, std::basic_string&amp;lt;char, std::char_traits&amp;lt;char&amp;gt;, std::allocator&amp;lt;char&amp;gt; &amp;gt;, std::basic_string&amp;lt;char, std::char_traits&amp;lt;char&amp;gt;, std::allocator&amp;lt;char&amp;gt; &amp;gt;, mongo::BSONObj&amp;amp;, int, int&amp;amp;, bool)+0x565) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x94f5c5&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::ReplSetHealthPollTask::_requestHeartbeat(mongo::HeartbeatInfo&amp;amp;, mongo::BSONObj&amp;amp;, int&amp;amp;)+0xf2) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x9555c2&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::ReplSetHealthPollTask::doWork()+0xa8) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x955dd8&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::task::Task::run()+0x1e) &lt;span class=&quot;error&quot;&gt;&amp;#91;0xacd6ce&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(mongo::BackgroundJob::jobBody(boost::shared_ptr&amp;lt;mongo::BackgroundJob::JobStatus&amp;gt;)+0xbe) &lt;span class=&quot;error&quot;&gt;&amp;#91;0xac8dfe&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod(boost::detail::thread_data&amp;lt;boost::_bi::bind_t&amp;lt;void, boost::_mfi::mf1&amp;lt;void, mongo::BackgroundJob, boost::shared_ptr&amp;lt;mongo::BackgroundJob::JobStatus&amp;gt; &amp;gt;, boost::_bi::list2&amp;lt;boost::_bi::value&amp;lt;mongo::BackgroundJob*&amp;gt;, boost::_bi::value&amp;lt;boost::shared_ptr&amp;lt;mongo::BackgroundJob::JobStatus&amp;gt; &amp;gt; &amp;gt; &amp;gt; &amp;gt;::run()+0x74) &lt;span class=&quot;error&quot;&gt;&amp;#91;0xaca444&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /usr/bin/mongod() &lt;span class=&quot;error&quot;&gt;&amp;#91;0xb45ba9&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /lib/x86_64-linux-gnu/libpthread.so.0(+0x7e9a) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x7f3ae7921e9a&amp;#93;&lt;/span&gt;&lt;br/&gt;
 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) &lt;span class=&quot;error&quot;&gt;&amp;#91;0x7f3ae6c36dbd&amp;#93;&lt;/span&gt;&lt;/p&gt;

</description>
                <environment></environment>
        <key id="130056">SERVER-13517</key>
            <summary>internal client should validate BSON responses</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="adam.chelminski@mongodb.com">Adam Chelminski</assignee>
                                    <reporter username="benety.goh@mongodb.com">Benety Goh</reporter>
                        <labels>
                    </labels>
                <created>Tue, 8 Apr 2014 21:09:05 +0000</created>
                <updated>Fri, 2 Sep 2016 00:29:12 +0000</updated>
                            <resolved>Fri, 19 Aug 2016 15:13:33 +0000</resolved>
                                    <version>2.2.7</version>
                    <version>2.6.0</version>
                                    <fixVersion>3.3.12</fixVersion>
                                    <component>Internal Client</component>
                    <component>Networking</component>
                                        <votes>1</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="1362132" author="xgen-internal-githook" created="Fri, 19 Aug 2016 15:11:58 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;adamchel&apos;, u&apos;name&apos;: u&apos;Adam Chelminski&apos;, u&apos;email&apos;: u&apos;adam.chelminski@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-13517&quot; title=&quot;internal client should validate BSON responses&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-13517&quot;&gt;&lt;del&gt;SERVER-13517&lt;/del&gt;&lt;/a&gt; Internal client validates BSON in all command responses and when reading from cursor in DBClientCursor&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/1a3d60af4d27d72e15637bb43510fe1b592a6c43&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/1a3d60af4d27d72e15637bb43510fe1b592a6c43&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1356869" author="xgen-internal-githook" created="Mon, 15 Aug 2016 14:49:54 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;adamchel&apos;, u&apos;name&apos;: u&apos;Adam Chelminski&apos;, u&apos;email&apos;: u&apos;adam.chelminski@mongodb.com&apos;}
&lt;p&gt;Message: Revert &quot;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-13517&quot; title=&quot;internal client should validate BSON responses&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-13517&quot;&gt;&lt;del&gt;SERVER-13517&lt;/del&gt;&lt;/a&gt; Specialize operator&amp;lt;&amp;lt; for BSONType for std::ostream, LogstreamBuilder, and StringBuilder&quot;&lt;/p&gt;

&lt;p&gt;This reverts commit 0b2645558c9715128dceb524660b603e9d8532d6.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d19d5cdb3a2dd6905361545239c7c37d07cf5aba&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d19d5cdb3a2dd6905361545239c7c37d07cf5aba&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1356863" author="xgen-internal-githook" created="Mon, 15 Aug 2016 14:45:58 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;adamchel&apos;, u&apos;name&apos;: u&apos;Adam Chelminski&apos;, u&apos;email&apos;: u&apos;adam.chelminski@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-13517&quot; title=&quot;internal client should validate BSON responses&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-13517&quot;&gt;&lt;del&gt;SERVER-13517&lt;/del&gt;&lt;/a&gt; Specialize operator&amp;lt;&amp;lt; for BSONType for std::ostream, LogstreamBuilder, and StringBuilder&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/0b2645558c9715128dceb524660b603e9d8532d6&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/0b2645558c9715128dceb524660b603e9d8532d6&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1233091" author="milkie" created="Tue, 12 Apr 2016 12:12:35 +0000"  >&lt;p&gt;I think William wanted my first option presented above, which is that the C++ driver validates incoming responses.  As far as I know, the internal client does not do this today.&lt;/p&gt;</comment>
                            <comment id="1232467" author="ian@10gen.com" created="Mon, 11 Apr 2016 20:27:26 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=milkie&quot; class=&quot;user-hover&quot; rel=&quot;milkie&quot;&gt;milkie&lt;/a&gt; since the last comment here have we added the hardening/validation that William was asking about?&lt;/p&gt;</comment>
                            <comment id="551880" author="william.zola@10gen.com" created="Wed, 16 Apr 2014 17:23:41 +0000"  >&lt;p&gt;The issue here is that invalid incoming BSON from administrative commands (such as replication pings or the internal sharding commands) can cause the server to crash non-obviously.  In an environment where the network silently corrupts the incoming BSON, this will cause the &apos;mongod&apos; to crash.&lt;/p&gt;

&lt;p&gt;The request is to &quot;harden&quot; the server such that invalid or corrupt incoming BSON &amp;#8211; no matter what the source &amp;#8211; does not crash the &apos;mongod&apos; or &apos;mongos&apos;. &lt;/p&gt;</comment>
                            <comment id="542188" author="benety.goh" created="Wed, 9 Apr 2014 14:17:15 +0000"  >&lt;p&gt;The issue we observed in the logs is related to validating the response from the server.&lt;/p&gt;</comment>
                            <comment id="541350" author="milkie" created="Tue, 8 Apr 2014 21:16:30 +0000"  >&lt;p&gt;Are you saying the C++ driver should validate the response from the server, or should the server validate outgoing responses?  I&apos;m not sure we should have either.  Right now (2.4+) the server validates incoming BSON, but that wouldn&apos;t help in this situation.  If you need data checking on your network links, one option is to use TLS, which will break the connection at a lower level reliably.  Validating BSON as a substitute for parity checking won&apos;t catch many errors.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 8 Apr 2014 21:16:30 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        7 years, 25 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 25 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>adam.chelminski@mongodb.com</customfieldvalue>
            <customfieldvalue>benety.goh@mongodb.com</customfieldvalue>
            <customfieldvalue>milkie@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ian@mongodb.com</customfieldvalue>
            <customfieldvalue>william.zola@10gen.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlx87:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsocvz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>111488</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1227">Platforms 2016-08-26</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsgzsv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>