<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-27209] BSONObj::getStringField() does not handle embedded null bytes correctly</title>
                <link>https://jira.mongodb.org/browse/SERVER-27209</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;A BSONElement of type String is stored as a pointer plus a length and therefore may contain an embedded null byte. &lt;tt&gt;BSONObj::getStringField&lt;/tt&gt; uses &lt;tt&gt;valuestr&lt;/tt&gt; in its &lt;a href=&quot;https://github.com/mongodb/mongo/blob/f4240c60f005be757399042dc12f6addbc3170c1/src/mongo/bson/bsonobj.cpp#L508&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;implementation&lt;/a&gt; and returns a bare &lt;tt&gt;char*&lt;/tt&gt; with no length, which can lead us to incorrectly interpret the string as null terminated. A caller then sees only the bytes before the first embedded null, so the value it acts on can differ from the value stored in the document.&lt;/p&gt;</description>
                <environment></environment>
        <key id="334942">SERVER-27209</key>
            <summary>BSONObj::getStringField() does not handle embedded null bytes correctly</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="matt.kneiser@mongodb.com">Matt Kneiser</assignee>
                                    <reporter username="marko.vojvodic@mongodb.com">Marko Vojvodic</reporter>
                        <labels>
                            <label>bson</label>
                            <label>neweng</label>
                            <label>techdebt</label>
                    </labels>
                <created>Tue, 29 Nov 2016 19:10:19 +0000</created>
                <updated>Sun, 5 Jun 2022 16:08:45 +0000</updated>
                            <resolved>Thu, 13 Jan 2022 17:04:27 +0000</resolved>
                                                    <fixVersion>5.3.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="4290128" author="xgen-internal-githook" created="Thu, 13 Jan 2022 06:29:20 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Matt Kneiser&apos;, &apos;email&apos;: &apos;matt.kneiser@mongodb.com&apos;, &apos;username&apos;: &apos;themattman&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-27209&quot; title=&quot;BSONObj::getStringField() does not handle embedded null bytes correctly&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-27209&quot;&gt;&lt;del&gt;SERVER-27209&lt;/del&gt;&lt;/a&gt; Eliminate dangerous BSONElement string extraction methods&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Fix: Change return type of BSONObj::getStringField to include size&lt;br/&gt;
 (StringData vs. char*). A char* carries only the data and relies on a terminating&lt;br/&gt;
 NULL to mark its end, whereas a StringData carries data + size, so the caller knows&lt;br/&gt;
 how to interpret the data if there are embedded NULLs.&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Cleanup: Remove old tag - CachedSizeTag - that disambiguated BSONElement ctors.&lt;br/&gt;
 A dangling reference to &apos;maxLen&apos; in a comment led me to this historical issue.&lt;br/&gt;
 $ git log -S&apos;maxLen&apos; -- src/mongo/bson/bsonelement.h&lt;br/&gt;
 commit 0d38ef5&lt;br/&gt;
 Author: Mathias Stearn mathias@10gen.com&lt;br/&gt;
 Date: Tue Dec 19 14:23:08 2017 -0500&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt; &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-32302&quot; title=&quot;for-each loop over BSONObj is slower than explicit BSONObjIterator in MatchExpressionParser code&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-32302&quot;&gt;&lt;del&gt;SERVER-32302&lt;/del&gt;&lt;/a&gt; Compute BSONElement sizes eagerly&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Test: Add tests for NULL bytes being returned by getStringField&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;$ ninja -j400 +bson_obj_test&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Cleanup: Move BSONElement::valuestr() from public to private&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Cleanup: Remove BSONElement::valuestrsafe()&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Cleanup: Remove all external callers of valuestr/valuestrsafe and cleanup&lt;br/&gt;
 their callsites with better alternatives.&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Cleanup: Make multi-line BSONElement &amp;amp; BSONObj public API comments&lt;br/&gt;
 conform to style guidelines&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Nit: Fix spelling in a comment&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/fd6b2a875f8942a4ba7fea916b4c52a913e14f49&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/fd6b2a875f8942a4ba7fea916b4c52a913e14f49&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="4290127" author="xgen-internal-githook" created="Thu, 13 Jan 2022 06:29:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Matt Kneiser&apos;, &apos;email&apos;: &apos;matt.kneiser@mongodb.com&apos;, &apos;username&apos;: &apos;themattman&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-27209&quot; title=&quot;BSONObj::getStringField() does not handle embedded null bytes correctly&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-27209&quot;&gt;&lt;del&gt;SERVER-27209&lt;/del&gt;&lt;/a&gt; Propagate removal of BSONElement::valuestr()&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Fix: Remove `valuestr()` to remove potentially dangerous handling of embedded NULLs in string fields&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Fix: Change signedness of size parameter to unsigned&lt;/li&gt;
&lt;/ul&gt;


&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Fix: Change callsites of `BSONObj::getStringField()` to account for changed return type `char*` -&amp;gt; `StringData`&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Related PR in server repo: [SERVER-27209 Eliminate dangerous BSONElement string extraction methods](&lt;a href=&quot;https://github.com/10gen/mongo/pull/2579&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo/pull/2579&lt;/a&gt;)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/10gen/mongo-enterprise-modules/commit/65f2a1b1ba3bfacac7d349aae6391563ab3b4702&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-enterprise-modules/commit/65f2a1b1ba3bfacac7d349aae6391563ab3b4702&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1445176" author="david.storch" created="Tue, 29 Nov 2016 20:31:08 +0000"  >&lt;p&gt;&lt;tt&gt;BSONElement::valuestr()&lt;/tt&gt; should probably go away entirely, although a quick grep suggests that there are currently about 180 callers.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                        <issuelink>
            <issuekey id="2062243">SERVER-67028</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10011"><![CDATA[Minor Change]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 29 Nov 2016 20:31:08 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 3 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>geert.bosch@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 3 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>129.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>david.storch@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>marko.vojvodic@mongodb.com</customfieldvalue>
            <customfieldvalue>matt.kneiser@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrjptr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hzp3c7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5422">Execution Team 2021-11-29</customfieldvalue>
    <customfieldvalue id="5423">Execution Team 2021-12-13</customfieldvalue>
    <customfieldvalue id="5424">Execution Team 2021-12-27</customfieldvalue>
    <customfieldvalue id="5550">Execution Team 2022-01-10</customfieldvalue>
    <customfieldvalue id="5551">Execution Team 2022-01-24</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hs4nzb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>