mongodb: CVE-2015-1609 in squeeze
Hi,
from what I can see the squeeze version of mongodb is not affected by
the above CVE since
void BSONElement::validate() const {
switch( type() ) {
case DBRef:
case Code:
case Symbol:
case String: {
int x = valuestrsize();
if ( x > 0 && valuestr()[x-1] == 0 )
return;
StringBuilder buf;
buf << "Invalid dbref/code/string/symbol size: " << x << " strnlen:" << strnlen( valuestr() , x );
massert( 10321 , buf.str() , 0 );
break;
}
already checks that the string has a length greater than zero so I
marked the CVE as not requiring further action in squeeze but it would
be great to have an additional pair of eyes more familiar with the
codebase double check. Does this look correct?
Cheers,
-- Guido
Reply to: