diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2015-02-13 11:49:49 -0500 |
---|---|---|
committer | Ramon Fernandez <ramon@mongodb.com> | 2015-02-17 13:42:19 -0500 |
commit | 04c33a8e1f97542f92c34432a2871fa7e359a342 (patch) | |
tree | 36f136d98a04a2d26d471d2a4389cba4c910a7e6 | |
parent | 3a7e85ea1f672f702660e5472566234b1d19038e (diff) | |
download | mongo-04c33a8e1f97542f92c34432a2871fa7e359a342.tar.gz |
SERVER-17278: Enforce BSON BinData length
(cherry picked from commit 8ef2743189617343c5c4888aca34a9886d21e783)
Conflicts:
src/mongo/bson/bson_validate.cpp
-rw-r--r-- | src/mongo/bson/bson_validate.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/mongo/bson/bson_validate.cpp b/src/mongo/bson/bson_validate.cpp index a7c95ad1370..cd8819012fc 100644 --- a/src/mongo/bson/bson_validate.cpp +++ b/src/mongo/bson/bson_validate.cpp @@ -16,6 +16,7 @@ */ #include <deque> +#include <limits> #include "mongo/bson/bson_validate.h" #include "mongo/bson/oid.h" @@ -209,6 +210,8 @@ namespace mongo { int sz; if ( !buffer->readNumber<int>( &sz ) ) return Status( ErrorCodes::InvalidBSON, "invalid bson" ); + if ( sz < 0 || sz == std::numeric_limits<int>::max() ) + return Status( ErrorCodes::InvalidBSON, "invalid bson" ); if ( !buffer->skip( 1 + sz ) ) return Status( ErrorCodes::InvalidBSON, "invalid bson" ); return Status::OK(); |