C Driver / CDRIVER-1877

libbson doesn't verify dbpointer collection name string is null terminated

    • Type: Bug
    • Resolution: Done
    • Priority: Minor - P4
    • 1.5.0
    • Affects Version/s: None
    • Component/s: libbson
    • None

      The spec requires collection name in a DBPointer type to be a "string" – i.e. a length + bytes + 0x00. libbson doesn't verify that the null byte is actually null. It appears to just skip over it.

      Here is an example of BSON containing a valid DBPointer, as visualized with 'bsonview' from the BSON corpus spec:

      1A0000000C610002000000620056E1FC72E0C917E9C471416100
       1a000000 0c "a" 00 02000000 "b" 00 56E1FC72E0C917E9C4714161 00

      Here is a slightly modified version of the above (a case that should fail to parse according to the spec). Instead of 0x00, the trailing "null" of the collection name is 0x62 (marked with ^^):

      1A0000000C610002000000626256E1FC72E0C917E9C471416100
       1a000000 0c "a" 00 02000000 6262 56e1fc72e0c917e9c471416100
                                     ^^

      libbson considers the latter case to be a valid DBPointer.
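      As an added example (not libbson's own code), here is a minimal validator for the DBPointer layout described above: int32 length, collection-name bytes ending in 0x00, then a 12-byte ObjectId. It is run over the two byte strings from this report; the function names and the assumption that the document holds exactly one element are mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a little-endian int32 without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the value of a DBPointer element (type 0x0C): int32 length,
 * that many bytes of collection name whose last byte is 0x00, then a
 * 12-byte ObjectId. Returns bytes consumed, or 0 if the value is malformed. */
size_t dbpointer_value_len(const uint8_t *p, size_t avail) {
    if (avail < 4) return 0;
    uint32_t len = read_le32(p);
    /* The length counts the terminator, so it is at least 1; check it
     * against the remaining budget before touching any string byte. */
    if (len < 1 || len > avail - 4 || (avail - 4) - len < 12) return 0;
    /* This is the check the report says libbson skips: the final byte of
     * the string must really be 0x00, not merely present. */
    if (p[4 + len - 1] != 0x00) return 0;
    return 4 + len + 12;
}

/* Validate a document holding exactly one DBPointer element, as in the two
 * hex dumps above: int32 doc length, 0x0C, cstring key, value, 0x00. */
bool single_dbpointer_doc_is_valid(const uint8_t *doc, size_t n) {
    if (n < 5 || read_le32(doc) != n || doc[n - 1] != 0x00) return false;
    size_t pos = 4;
    if (doc[pos++] != 0x0C) return false;
    /* The key is a cstring; its terminator must come before the final 0x00. */
    const uint8_t *key_end = memchr(doc + pos, 0x00, n - 1 - pos);
    if (key_end == NULL) return false;
    pos = (size_t)(key_end - doc) + 1;
    size_t vlen = dbpointer_value_len(doc + pos, n - 1 - pos);
    if (vlen == 0) return false;
    return pos + vlen == n - 1;   /* nothing left but the document terminator */
}

/* Constructed from the two hex dumps in the report. */
static const uint8_t VALID_DOC[] = {
    0x1A,0,0,0, 0x0C, 'a',0, 0x02,0,0,0, 'b',0,
    0x56,0xE1,0xFC,0x72,0xE0,0xC9,0x17,0xE9,0xC4,0x71,0x41,0x61, 0 };
static const uint8_t BAD_DOC[] = {   /* trailing null replaced by 0x62 */
    0x1A,0,0,0, 0x0C, 'a',0, 0x02,0,0,0, 'b','b',
    0x56,0xE1,0xFC,0x72,0xE0,0xC9,0x17,0xE9,0xC4,0x71,0x41,0x61, 0 };
```

The second document is rejected solely because the byte at the end of the collection name is 0x62 rather than 0x00; every other field is identical to the valid case.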

      Assignee: A. Jesse Jiryu Davis (jesse@mongodb.com)
      Reporter: David Golden (david.golden@mongodb.com)