From 04c33a8e1f97542f92c34432a2871fa7e359a342 Mon Sep 17 00:00:00 2001
From: Spencer Jackson <spencer.jackson@mongodb.com>
Date: Fri, 13 Feb 2015 11:49:49 -0500
Subject: SERVER-17278: Enforce BSON BinData length

(cherry picked from commit 8ef2743189617343c5c4888aca34a9886d21e783)

Conflicts:
	src/mongo/bson/bson_validate.cpp
---
 src/mongo/bson/bson_validate.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/mongo/bson/bson_validate.cpp b/src/mongo/bson/bson_validate.cpp
index a7c95ad1370..cd8819012fc 100644
--- a/src/mongo/bson/bson_validate.cpp
+++ b/src/mongo/bson/bson_validate.cpp
@@ -16,6 +16,7 @@
  */
 
 #include <deque>
+#include <limits>
 
 #include "mongo/bson/bson_validate.h"
 #include "mongo/bson/oid.h"
@@ -209,6 +210,8 @@ namespace mongo {
                 int sz;
                 if ( !buffer->readNumber<int>( &sz ) )
                     return Status( ErrorCodes::InvalidBSON, "invalid bson" );
+                if ( sz < 0 || sz == std::numeric_limits<int>::max() )
+                    return Status( ErrorCodes::InvalidBSON, "invalid bson" );
                 if ( !buffer->skip( 1 + sz ) )
                     return Status( ErrorCodes::InvalidBSON, "invalid bson" );
                 return Status::OK();
-- 
cgit v1.2.1