author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-03-27 15:32:06 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-03-27 15:37:55 -0400 |
commit | 6fa5d192e7552753d69846dd1c4b86c4c80cbe58 (patch) | |
tree | 0d7b924e64b785cb8a77f15d975103d02a2fb642 | |
parent | 3830ebe12436c48cbf30176e4714a688b6a758fa (diff) | |
download | mongo-6fa5d192e7552753d69846dd1c4b86c4c80cbe58.tar.gz |
SERVER-17719 Fail gracefully in shell for empty SCRAM passwords
(cherry picked from commit 4448118e2f7e1b402e63352d5b007b27328372d8)
-rw-r--r-- | src/mongo/client/sasl_client_authenticate_impl.cpp | 3 | ||||
-rw-r--r-- | src/mongo/client/sasl_scramsha1_client_conversation.cpp | 4 | ||||
-rw-r--r-- | src/mongo/crypto/crypto_tom.cpp | 4 |
3 files changed, 10 insertions, 1 deletions
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp
index b1dedf44800..930db45a4f7 100644
--- a/src/mongo/client/sasl_client_authenticate_impl.cpp
+++ b/src/mongo/client/sasl_client_authenticate_impl.cpp
@@ -171,7 +171,8 @@ namespace {
 if (status.isOK()) {
 session->setParameter(SaslClientSession::parameterPassword, value);
 }
- else if (status != ErrorCodes::NoSuchKey) {
+ else if (!(status == ErrorCodes::NoSuchKey && targetDatabase == "$external")) {
+ // $external users do not have passwords, hence NoSuchKey is expected
 return status;
 }
diff --git a/src/mongo/client/sasl_scramsha1_client_conversation.cpp b/src/mongo/client/sasl_scramsha1_client_conversation.cpp
index df3d6a181b3..a2b2327460c 100644
--- a/src/mongo/client/sasl_scramsha1_client_conversation.cpp
+++ b/src/mongo/client/sasl_scramsha1_client_conversation.cpp
@@ -94,6 +94,10 @@ namespace mongo {
 * n,a=authzid,n=encoded-username,r=client-nonce
 */
 StatusWith<bool> SaslSCRAMSHA1ClientConversation::_firstStep(std::string* outputData) {
+ if (_saslClientSession->getParameter(SaslClientSession::parameterPassword).empty()) {
+ return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() <<
+ "Empty client password provided");
+ }
 // Create text-based nonce as base64 encoding of a binary blob of length multiple of 3
 const int nonceLenQWords = 3;
diff --git a/src/mongo/crypto/crypto_tom.cpp b/src/mongo/crypto/crypto_tom.cpp
index 9051d647f2c..f3ed3fe5d14 100644
--- a/src/mongo/crypto/crypto_tom.cpp
+++ b/src/mongo/crypto/crypto_tom.cpp
@@ -65,6 +65,10 @@ namespace crypto {
 const size_t inputLen,
 unsigned char* output,
 unsigned int* outputLen) {
+ if (!key || !input || !output) {
+ return false;
+ }
+
 static int hashId = -1;
 if (hashId == -1) {
 register_hash (&sha1_desc); |
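Review bot: In sasl_client_authenticate_impl.cpp the new `else if` exempts a missing password purely on `targetDatabase == "$external"`, so every mechanism run against that database proceeds without one, and the added comment states this as a general fact. If a password-bearing mechanism can also target `$external` (PLAIN for externally managed users appears to be such a case), the missing password is only caught later by that mechanism's own conversation, if at all. Consider keying the exemption on the mechanism instead of the database, or at least narrowing the comment to something like `// mechanisms that authenticate $external users without a password (e.g. x.509, GSSAPI) yield NoSuchKey here`. The enclosing function starts and ends outside the hunk, so the mechanism variable available at this point is not visible.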
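Review bot: In sasl_scramsha1_client_conversation.cpp the early return added to `_firstStep` builds a constant message through `mongoutils::str::stream() <<`, which adds nothing when there is no value to format. Assuming `StatusWith` accepts a plain string reason, `return StatusWith<bool>(ErrorCodes::BadValue, "Empty client password provided");` reads more directly. The doc comment just above the function describes only the client-first message format; it should gain a line such as `* Returns BadValue without producing output if the session password is empty.` so callers know this step can now fail before any data is sent. The body of `_firstStep` continues past the hunk.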
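Review bot: In crypto_tom.cpp the new guard rejects null `key`, `input` and `output` but leaves `outputLen` unchecked, although it is the fourth pointer in the parameter list shown directly above the check. If the function writes the digest length through it (that part of the body is outside the hunk), a null `outputLen` still ends in a null dereference in the HMAC routine. Extending the condition to `if (!key || !input || !output || !outputLen) {` covers all four. A short comment such as `// reject null buffers before they reach the hash library` would also explain why the function returns `false` before any hashing happens.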