diff options
author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-03-27 15:32:06 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-03-27 15:36:46 -0400 |
commit | 4448118e2f7e1b402e63352d5b007b27328372d8 (patch) | |
tree | e43db09af753c71d1885c055cf9f546805cc27c1 /src | |
parent | cfce87ebbb36f2acf63eb5a29f6aec95a55e3866 (diff) | |
download | mongo-4448118e2f7e1b402e63352d5b007b27328372d8.tar.gz |
SERVER-17719 Fail gracefully in shell for empty SCRAM passwords
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/client/sasl_client_authenticate_impl.cpp | 3 | ||||
-rw-r--r-- | src/mongo/client/sasl_scramsha1_client_conversation.cpp | 4 | ||||
-rw-r--r-- | src/mongo/crypto/crypto_tom.cpp | 4 |
3 files changed, 10 insertions, 1 deletions
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp index b1dedf44800..930db45a4f7 100644 --- a/src/mongo/client/sasl_client_authenticate_impl.cpp +++ b/src/mongo/client/sasl_client_authenticate_impl.cpp @@ -171,7 +171,8 @@ namespace { if (status.isOK()) { session->setParameter(SaslClientSession::parameterPassword, value); } - else if (status != ErrorCodes::NoSuchKey) { + else if (!(status == ErrorCodes::NoSuchKey && targetDatabase == "$external")) { + // $external users do not have passwords, hence NoSuchKey is expected return status; } diff --git a/src/mongo/client/sasl_scramsha1_client_conversation.cpp b/src/mongo/client/sasl_scramsha1_client_conversation.cpp index 314d3aa03fa..50e54734a8f 100644 --- a/src/mongo/client/sasl_scramsha1_client_conversation.cpp +++ b/src/mongo/client/sasl_scramsha1_client_conversation.cpp @@ -94,6 +94,10 @@ namespace mongo { * n,a=authzid,n=encoded-username,r=client-nonce */ StatusWith<bool> SaslSCRAMSHA1ClientConversation::_firstStep(std::string* outputData) { + if (_saslClientSession->getParameter(SaslClientSession::parameterPassword).empty()) { + return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() << + "Empty client password provided"); + } // Create text-based nonce as base64 encoding of a binary blob of length multiple of 3 const int nonceLenQWords = 3; diff --git a/src/mongo/crypto/crypto_tom.cpp b/src/mongo/crypto/crypto_tom.cpp index 85cc8387bb3..ff739d57365 100644 --- a/src/mongo/crypto/crypto_tom.cpp +++ b/src/mongo/crypto/crypto_tom.cpp @@ -67,6 +67,10 @@ namespace crypto { const size_t inputLen, unsigned char* output, unsigned int* outputLen) { + if (!key || !input || !output) { + return false; + } + static int hashId = -1; if (hashId == -1) { register_hash (&sha1_desc); |