Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-457

Use CRLF instead of LF newlines

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.6.0, 1.6.0-alpha0
    • Affects Version/s: None
    • Component/s: kms_message
    • None
    • Not Needed

      libmongocrypt should follow the HTTP/1.1 spec and use CRLF newlines instead of LF:

      Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.

      While currently the servers it communicates with may not make use of the fact that this is merely a "MAY" requirement that they can disregard, libmongocrypt should be future-proof and anticipate that servers could reject LF as a single line terminator in the future.

      Node.js just started doing so, with the effect of breaking the mongosh test suite for libmongocrypt requests, citing CVE-2022-32213 (details not yet available at time of writing) as the reason.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: