...
It is possible to create usernames which contain NULL characters. It is not possible to log in to these accounts. It seems like if we wanted we could accept these characters. However https://tools.ietf.org/html/rfc5802 defines `value-safe-char`, which is used in the username and authzid, as:

```
value-safe-char = %x01-2B / %x2D-3C / %x3E-7F /
                  UTF8-2 / UTF8-3 / UTF8-4
                  ;; UTF8-char except NUL, "=", and ",".
```

There seem to be no provisions for encoding NULL characters. The authenticate command seems to have an unrelated bug that manifests itself in the same way. It seems likely that we do not want to be able to store usernames containing this character.
rahul.dhodapkar commented on Wed, 13 Jan 2016 15:45:27 +0000:
Backported fix.

xgen-internal-githook commented on Wed, 13 Jan 2016 15:43:44 +0000:
Author: {u'username': u'rahuldhodapkar', u'name': u'rahuldhodapkar', u'email': u'rahul.m.dhodapkar@gmail.com'}
Message: SERVER-20358 prevent creation of users containing NULL characters (cherry picked from commit 6a46a7c34222329972b6c6b0fae70bc6cd72c2fa)
Branch: v3.0
https://github.com/mongodb/mongo/commit/f8f5dab11c2ed931add8d34e5e5dcc666e1ed5c8

xgen-internal-githook commented on Wed, 13 Jan 2016 15:32:03 +0000:
Author: {u'username': u'rahuldhodapkar', u'name': u'rahuldhodapkar', u'email': u'rahul.m.dhodapkar@gmail.com'}
Message: SERVER-20358 prevent creation of users containing NULL characters (cherry picked from commit 6a46a7c34222329972b6c6b0fae70bc6cd72c2fa)
Branch: v3.2
https://github.com/mongodb/mongo/commit/8e63ae06e2487989800e08e3d7e9cbf07ab76274

xgen-internal-githook commented on Wed, 13 Jan 2016 15:26:36 +0000:
Author: {u'username': u'rahuldhodapkar', u'name': u'rahuldhodapkar', u'email': u'rahul.m.dhodapkar@gmail.com'}
Message: SERVER-20358 prevent creation of users containing NULL characters
Branch: master
https://github.com/mongodb/mongo/commit/6a46a7c34222329972b6c6b0fae70bc6cd72c2fa
```
> db.createUser( {user: "user\0\0\0\0", pwd: "test", roles: []} )
2015-09-10T16:25:11.720-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "user", pwd: "xxx", roles: [], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 160ms
Successfully added user: { "user" : "user\u0000\u0000\u0000\u0000", "roles" : [ ] }
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "test.user\u0000\u0000\u0000\u0000", "user" : "user\u0000\u0000\u0000\u0000", "db" : "test", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "KiCV1E3AlJr2QSI7K/DAiw==", "storedKey" : "DGWmOyzDcwVKWHVzhs9VFIH01xQ=", "serverKey" : "ZpyGGNlRUUCgmtXz3Y3oWIJg8Jw=" } }, "roles" : [ ] }
> use test
switched to db test
> db.auth("user\0\0\0\0", "test")
2015-09-10T16:26:13.987-0400 I ACCESS [conn1] SCRAM-SHA-1 authentication failed for on test from client 127.0.0.1 ; BadValue Incorrect number of arguments for first SCRAM-SHA-1 client message, got 2 expected 4
Error: Authentication failed.
0
```
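The `value-safe-char` rule quoted in the description, worked through as an added example (this is not MongoDB's code and not the code from the linked commits): RFC 5802 gives escapes for "=" and "," in a saslname but none for NUL, so a validator can only reject such names at creation time. All function names are hypothetical, the nonce is a constructed value, and the four-field check assumes a client-first message without extensions, mirroring the "expected 4" in the log above.

```javascript
// Added example: RFC 5802 saslname handling. All function names are hypothetical.

// value-safe-char starts at %x01, so U+0000 can never appear in a saslname.
function hasNul(s) {
  return s.includes("\u0000");
}

// Encode a username as a saslname: "=" -> "=3D", "," -> "=2C".
// The grammar has no escape for NUL, so such names are rejected, not encoded.
function encodeSaslName(name) {
  if (typeof name !== "string" || name.length === 0) {
    throw new Error("username must be a non-empty string");
  }
  if (hasNul(name)) throw new Error("username contains a NUL character");
  return name.replace(/[=,]/g, (c) => (c === "=" ? "=3D" : "=2C"));
}

// Decode a saslname; reject NUL, a bare ",", or "=" not followed by 2C/3D.
function decodeSaslName(enc) {
  if (enc.length === 0 || hasNul(enc) || enc.includes(",") || /=(?!2C|3D)/.test(enc)) {
    throw new Error("invalid saslname");
  }
  return enc.replace(/=(2C|3D)/g, (_, hex) => (hex === "2C" ? "," : "="));
}

// client-first-message with no channel binding ("n") and an empty authzid.
function clientFirstMessage(user, nonce) {
  return "n,,n=" + encodeSaslName(user) + ",r=" + nonce;
}

// Server-side parse. The four-field expectation mirrors the "expected 4" in
// the log on this page; it assumes the client sends no extensions.
function parseClientFirst(msg) {
  const parts = msg.split(",");
  if (parts.length !== 4) {
    throw new Error(`got ${parts.length} fields, expected 4`);
  }
  if (!parts[2].startsWith("n=") || !parts[3].startsWith("r=")) {
    throw new Error("malformed n= or r= attribute");
  }
  return { user: decodeSaslName(parts[2].slice(2)), nonce: parts[3].slice(2) };
}

// Constructed sample input: a name that needs escaping, and a made-up nonce.
const sample = clientFirstMessage("a=b,c", "abc123");
console.log(sample, parseClientFirst(sample));
```

Running the same check in the user-creation path and in the authentication path keeps the stored name and the name on the wire subject to one rule.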