MongoDB - Defect ID: 2863478
Server does not validate hostname for invalid UTF-8 characters

Info

When MongoDB reads the hostname, it does not ensures that the hostname in question contains valid UTF-8. Drivers may then report errors when trying to run commands that report back this hostname verbatim while trying to decode the string back from UTF-8. Validated on Linux hostnam? 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:05:45 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux but likely applicable to all operating systems that don't directly validate hostname strings.

Top User Comments

Steps to Reproduce

#include int main() { sethostname("hostnam\xff", 8); } gcc -o test test.c sudo ./test npx mongodb-runner start -t standalone --version=8.0.x -- --port=27017 # alternative: download + start server manually # observe failures: mongosh localhost:27017/admin --eval 'db.aggregate([{ $currentOp: {} }])' # or: mongosh localhost:27017/admin --eval 'db.adminCommand({ hostInfo: 1 })'