-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Server Security
-
Fully Compatible
-
ALL
-
v8.0
-
-
Security 2024-07-22
For FLE2-encrypted range fields with small domain size (6 or fewer bits required) and unspecified trimFactor, one will run into a validation error ("Error: Trim factor must be less than the number of bits used to represent the domain.") when inserting field values and trying to query them back.
This is because when inserting a range field value whose trimFactor is unspecified in the schema, the following happens in the client:
- query_analysis.cpp:buildFle2EncryptPlaceholder() sets FLE2RangeInsertSpec.trimFactor to be boost::none. So, the final insertion placeholder will wind up not having an explicit trim factor value.
- when the placeholder is converted to a FLE2InsertUpdatePayloadV2, the getEdges algorithm resolves the unspecified trim factor to some default value, D, that is clamped to a valid value based on the domain size.
However, when doing a find, query analysis will always set a value of 6 for the FLE2RangeFindSpecEdgesInfo.trimFactor if the trim factor is unspecified in the schema. Since 6 is not always equal to D, this is going to cause an error during the validation performed in validateIDLFLE2RangeFindSpec
- is caused by
-
SERVER-91077 Change the default values for QE range parameters
- Closed
-
SERVER-91886 Investigate if trimFactor should always be required for range v2 placeholders
- Closed