[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

mongodb: CVE-2015-1609 in squeeze

from what I can see the squeeze version of mongodb is not affected by
the above CVE since

 void BSONElement::validate() const {
        switch( type() ) {
        case DBRef:
        case Code:
        case Symbol:
        case String: {
            int x = valuestrsize();
            if ( x > 0 && valuestr()[x-1] == 0 )
            StringBuilder buf;
            buf <<  "Invalid dbref/code/string/symbol size: " << x << " strnlen:" << strnlen( valuestr() , x );
            massert( 10321 , buf.str() , 0 );

already checks that the string has a length greater than zero so I
marked the CVE as not requiring further action in squeeze but it would
be great to have an additional pair of eyes more familiar with the
codebase double check. Does this look correct?

 -- Guido

Reply to: