SERVER-32410 Validate User::CredentialData during auth

author: Sara Golemon <sara.golemon@mongodb.com> 2017-12-19 14:17:37 -0500
committer: Sara Golemon <sara.golemon@mongodb.com> 2017-12-21 14:32:44 -0500
commit: fb8046d813af032d6d51327affbab9b6199fe654 (patch)
tree: 1ffa28fe494a7765047b69514089e848503e78eb /src/mongo/db/auth/user.h
parent: 260cc0cb463537cf9f1f479a8c38e74ffd807407 (diff)
download: mongo-fb8046d813af032d6d51327affbab9b6199fe654.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 8ea5b18631c..8d180e9b8b9 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -67,6 +67,17 @@ public:
         std::string salt;
         std::string serverKey;
         std::string storedKey;
+
+        bool isValid() const {
+            // 160bit -> 20octets -> * 4/3 -> 26.667 -> padded to 28
+            const size_t kEncodedSHA1Length = 28;
+            // 128bit -> 16octets -> * 4/3 -> 21.333 -> padded to 24
+            const size_t kEncodedSaltLength = 24;
+
+            return (salt.size() == kEncodedSaltLength) && base64::validate(salt) &&
+                (serverKey.size() == kEncodedSHA1Length) && base64::validate(serverKey) &&
+                (storedKey.size() == kEncodedSHA1Length) && base64::validate(storedKey);
+        }
     };
     struct CredentialData {
         CredentialData() : scram(), isExternal(false) {}
author	Sara Golemon <sara.golemon@mongodb.com>	2017-12-19 14:17:37 -0500
committer	Sara Golemon <sara.golemon@mongodb.com>	2017-12-21 14:32:44 -0500
commit	fb8046d813af032d6d51327affbab9b6199fe654 (patch)
tree	1ffa28fe494a7765047b69514089e848503e78eb /src/mongo/db/auth/user.h
parent	260cc0cb463537cf9f1f479a8c38e74ffd807407 (diff)
download	mongo-fb8046d813af032d6d51327affbab9b6199fe654.tar.gz