GODRIVER-3303 Prevent out of bounds panic with length value #1735

Merged
merged 2 commits into from
Aug 14, 2024

Contributor

@kobrineli kobrineli commented Aug 7, 2024

GODRIVER-3303

Summary

This PR fixes an out-of-bounds error and the unwanted panic that follows in case of a corrupted message length.

@kobrineli
Contributor Author

kobrineli commented Aug 7, 2024

Hi! Couldn't link the ticket from Jira due to the 403 Forbidden server error.

@kobrineli
Contributor Author

@matthewdale

@kobrineli
Contributor Author

@qingyang-hu, hi! Could you review this PR please?

Collaborator

@matthewdale matthewdale left a comment

Looks good! 👍

@kobrineli Do you know the GODRIVER ticket number that this should be linked to? Also, do you have an example of a wire message or a description of how to reproduce the panic?

@mongodb-drivers-pr-bot mongodb-drivers-pr-bot bot added the priority-3-low Low Priority PR for Review label Aug 8, 2024
Contributor

API Change Report

No changes found!

@kobrineli
Contributor Author

@matthewdale
Hi! No, unfortunately I get a 403 server error when trying to access the project page with tickets, so I don't know the ticket number.
The error can be easily reproduced by setting a wrong (negative) number in the length field of a document sequence, for example.
The error was discovered by fuzzing.

@kobrineli
Contributor Author

Here is the encoded wire message (OpMsg with a DocumentSequence inside):
crash-1f3f05ade15b1bbd7f936719754cc230a03b8059.txt
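
The kind of check discussed in the comments above, as an added example that is not part of this PR or the driver's own code: a Go reader for an OP_MSG document-sequence section (int32 size, C-string identifier, BSON documents) that validates every length prefix before using it as a slice bound. The function names, the error value and the sample bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

var errBadLength = errors.New("document sequence: length field out of bounds")

// readLen reads a little-endian int32 length prefix and validates it against len(b).
func readLen(b []byte) (int, error) {
	if len(b) >= 4 {
		if n := int(int32(binary.LittleEndian.Uint32(b))); n >= 5 && n <= len(b) {
			return n, nil
		}
	}
	return 0, errBadLength // short buffer, negative, undersized or past the end of b
}

// readDocumentSequence (hypothetical name, not the driver's function) parses an
// OP_MSG kind-1 section body: int32 size, cstring identifier, BSON documents.
func readDocumentSequence(src []byte) (id string, docs [][]byte, err error) {
	size, err := readLen(src)
	if err != nil {
		return "", nil, err
	}
	body := src[4:size]
	nul := bytes.IndexByte(body, 0)
	if nul < 0 {
		return "", nil, errBadLength // identifier is not NUL-terminated inside the section
	}
	id, body = string(body[:nul]), body[nul+1:]
	for len(body) > 0 {
		n, err := readLen(body) // each BSON document carries its own length prefix
		if err != nil {
			return "", nil, err
		}
		docs, body = append(docs, body[:n]), body[n:]
	}
	return id, docs, nil
}

func main() { // constructed inputs: a valid size of 19, then a negative size field
	ok := []byte("\x13\x00\x00\x00documents\x00\x05\x00\x00\x00\x00")
	bad := append([]byte{0xff, 0xff, 0xff, 0xff}, ok[4:]...)
	fmt.Println(readDocumentSequence(ok))
	fmt.Println(readDocumentSequence(bad))
}
```

Without the range check in `readLen`, the negative value would reach the slice expression `src[4:size]` and cause a runtime panic instead of a returned error.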

@qingyang-hu qingyang-hu changed the title Prevent out of bounds panic with length value GODRIVER-3303 Prevent out of bounds panic with length value Aug 13, 2024
@qingyang-hu qingyang-hu merged commit e583aa6 into mongodb:v1 Aug 14, 2024
30 of 33 checks passed
blink1073 pushed a commit to blink1073/mongo-go-driver that referenced this pull request Aug 14, 2024