Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-67263

Reject InsertUpdatePayload with mismatched IndexKeyId

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 6.1.0-rc0
    • Affects Version/s: None
    • Component/s: Field Level Encryption
    • None
    • Minor Change
    • Security 2022-07-11, Security 2022-07-25, Security 2022-08-08

      Scope

      • Return an error when receiving an InsertUpdatePayload with a mismatched IndexKeyId.

      Background & Motivation

      The InsertUpdatePayload includes the IndexKeyId here.

      The IndexKeyId is expected to match the "keyId" specified on encryptedFields. A mistaken insert with an incorrect IndexKeyId results in incorrect query results and non-obvious errors.

      Example 1:

      • encryptedFields uses key1ID
      • Insert with UserKeyID=key1ID IndexKeyID=key2ID
      • Find with IndexKeyID=key1ID

      Will not find the inserted document.

      Example 2:

      • encryptedFields uses key1ID
      • Insert with UserKeyID=key1ID IndexKeyID=key2ID
      • Delete with IndexKeyID=key2ID

      Returns this server error:

      Invalid advance (5391210624386066) past end of buffer[188] at offset: 8
      

      These scenarios were tested with the Go driver here and can be run with:

      go test -v -tags cse -count=1 ./mongo/integration -run TestClientSideEncryptionProse/explicit_encryption/case_6
      

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: