diff options
-rw-r--r-- | src/mongo/client/sasl_client_authenticate_impl.cpp | 3 | ||||
-rw-r--r-- | src/mongo/client/sasl_scramsha1_client_conversation.cpp | 4 | ||||
-rw-r--r-- | src/mongo/crypto/crypto_tom.cpp | 4 |
3 files changed, 10 insertions, 1 deletions
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp index b1dedf44800..930db45a4f7 100644 --- a/src/mongo/client/sasl_client_authenticate_impl.cpp +++ b/src/mongo/client/sasl_client_authenticate_impl.cpp @@ -171,7 +171,8 @@ namespace { if (status.isOK()) { session->setParameter(SaslClientSession::parameterPassword, value); } - else if (status != ErrorCodes::NoSuchKey) { + else if (!(status == ErrorCodes::NoSuchKey && targetDatabase == "$external")) { + // $external users do not have passwords, hence NoSuchKey is expected return status; } diff --git a/src/mongo/client/sasl_scramsha1_client_conversation.cpp b/src/mongo/client/sasl_scramsha1_client_conversation.cpp index 314d3aa03fa..50e54734a8f 100644 --- a/src/mongo/client/sasl_scramsha1_client_conversation.cpp +++ b/src/mongo/client/sasl_scramsha1_client_conversation.cpp @@ -94,6 +94,10 @@ namespace mongo { * n,a=authzid,n=encoded-username,r=client-nonce */ StatusWith<bool> SaslSCRAMSHA1ClientConversation::_firstStep(std::string* outputData) { + if (_saslClientSession->getParameter(SaslClientSession::parameterPassword).empty()) { + return StatusWith<bool>(ErrorCodes::BadValue, mongoutils::str::stream() << + "Empty client password provided"); + } // Create text-based nonce as base64 encoding of a binary blob of length multiple of 3 const int nonceLenQWords = 3; diff --git a/src/mongo/crypto/crypto_tom.cpp b/src/mongo/crypto/crypto_tom.cpp index 85cc8387bb3..ff739d57365 100644 --- a/src/mongo/crypto/crypto_tom.cpp +++ b/src/mongo/crypto/crypto_tom.cpp @@ -67,6 +67,10 @@ namespace crypto { const size_t inputLen, unsigned char* output, unsigned int* outputLen) { + if (!key || !input || !output) { + return false; + } + static int hashId = -1; if (hashId == -1) { register_hash (&sha1_desc); |