SERVER-15394 improve applyOps validation

1 files changed, 56 insertions, 5 deletions

diff --git a/src/mongo/db/commands/apply_ops.cpp b/src/mongo/db/commands/apply_ops.cpp
index 947b57b2df0..c0a1f398e56 100644
--- a/src/mongo/db/commands/apply_ops.cpp
+++ b/src/mongo/db/commands/apply_ops.cpp
@@ -74,11 +74,9 @@ namespace mongo {
                 BSONObjIterator i( ops );
                 while ( i.more() ) {
                     BSONElement e = i.next();
-                    if ( e.type() == Object )
-                        continue;
-                    errmsg = "op not an object: ";
-                    errmsg += e.fieldName();
-                    return false;
+                    if (!_checkOperation(e, errmsg)) {
+                        return false;
+                    }
                 }
             }
 
@@ -122,6 +120,10 @@ namespace mongo {
                 BSONElement e = i.next();
                 const BSONObj& temp = e.Obj();
 
+                // Ignore 'n' operations.
+                const char *opType = temp["op"].valuestrsafe();
+                if (*opType == 'n') continue;
+
                 string ns = temp["ns"].String();
 
                 // Run operations under a nested lock as a hack to prevent them from yielding.
@@ -189,6 +191,55 @@ namespace mongo {
 
             return true;
         }
+
+    private:
+        /**
+         * Returns true if 'e' contains a valid operation.
+         */
+        bool _checkOperation(const BSONElement& e, string& errmsg) {
+            if (e.type() != Object) {
+                errmsg = str::stream() << "op not an object: " << e.fieldName();
+                return false;
+            }
+            BSONObj obj = e.Obj();
+            // op - operation type
+            BSONElement opElement = obj.getField("op");
+            if (opElement.eoo()) {
+                errmsg = str::stream() << "op does not contain required \"op\" field: "
+                                       << e.fieldName();
+                return false;
+            }
+            if (opElement.type() != mongo::String) {
+                errmsg = str::stream() << "\"op\" field is not a string: " << e.fieldName();
+                return false;
+            }
+            // operation type -- see logOp() comments for types
+            const char *opType = opElement.valuestrsafe();
+            if (*opType == '\0') {
+                errmsg = str::stream() << "\"op\" field value cannot be empty: " << e.fieldName();
+                return false;
+            }
+
+            // ns - namespace
+            // Only operations of type 'n' are allowed to have an empty namespace.
+            BSONElement nsElement = obj.getField("ns");
+            if (nsElement.eoo()) {
+                errmsg = str::stream() << "op does not contain required \"ns\" field: "
+                                       << e.fieldName();
+                return false;
+            }
+            if (nsElement.type() != mongo::String) {
+                errmsg = str::stream() << "\"ns\" field is not a string: " << e.fieldName();
+                return false;
+            }
+            if (*opType != 'n' && nsElement.String().empty()) {
+                errmsg = str::stream()
+                    << "\"ns\" field value cannot be empty when op type is not 'n': "
+                    << e.fieldName();
+                return false;
+            }
+            return true;
+        }
     } applyOpsCmd;
 
 }