Update MongoDB Driver to master commit (#29656)

This updates the MongoDB driver to use a recent master commit in order to incorporate the fix: mongodb/mongo-go-driver#1291 (which has not been released to a tag yet) In addition a fuzz seed was added to cover this condition. After not finding more issues this also re-enables the MongoDB fuzzing in oss-fuzz.
gravitational · Jul 27, 2023 · 20b8f9c · 20b8f9c
1 parent 0936968
commit 20b8f9c
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh
@@ -83,9 +83,8 @@ build_teleport_fuzzers() {
   compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/sqlserver/protocol \
     FuzzMSSQLLogin fuzz_mssql_login
 
-# Disabled until we can update the mongoDB driver
-#  compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mongodb/protocol \
-#   FuzzMongoRead fuzz_mongo_read
+  compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mongodb/protocol \
+    FuzzMongoRead fuzz_mongo_read
 
   compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/opensearch \
     FuzzPathToMatcher fuzz_opensearch_path_to_matcher

diff --git a/go.mod b/go.mod
@@ -147,7 +147,7 @@ require (
 	github.com/vulcand/predicate v1.2.0 // replaced
 	go.etcd.io/etcd/api/v3 v3.5.9
 	go.etcd.io/etcd/client/v3 v3.5.9
-	go.mongodb.org/mongo-driver v1.12.0
+	go.mongodb.org/mongo-driver v1.13.0-prerelease.0.20230726045955-5ee10b94cc66
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 	go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws v0.42.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0

diff --git a/go.sum b/go.sum
@@ -1596,8 +1596,8 @@ go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7
 go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To=
 go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4=
 go.mongodb.org/mongo-driver v1.11.1/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
-go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
-go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
+go.mongodb.org/mongo-driver v1.13.0-prerelease.0.20230726045955-5ee10b94cc66 h1:2uTsucgz0YmaUEvk4iu43KGxvVcG/bZ/rNsCmqiMGC4=
+go.mongodb.org/mongo-driver v1.13.0-prerelease.0.20230726045955-5ee10b94cc66/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak=
 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0=

diff --git a/lib/srv/db/mongodb/protocol/fuzz_test.go b/lib/srv/db/mongodb/protocol/fuzz_test.go
@@ -116,6 +116,13 @@ func FuzzMongoRead(f *testing.F) {
 		0xdc, 0x7, 0x0, 0x0, // op code
 		0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x0, 0x1, 0xf5, 0xf5, 0xf6,
 		0x80, 0xe, 0x30, 0x30, 0x30, 0x30, 0x30})
+	// op msg infinite loop due to protocol specifying length zero message
+	f.Add([]byte{0x20, 0x0, 0x0, 0x0, // (start header) length
+		0x30, 0x30, 0x11, 0x30, // request id
+		0x30, 0x30, 0x30, 0x30, // response to
+		0xdd, 0x7, 0x0, 0x0, // (end header) op code
+		0x30, 0x30, 0x30, 0x30, 0x30, 0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+		0x0, 0x0, 0x30})
 	// op msg with too small of msg
 	f.Add([]byte{0x20, 0x0, 0x0, 0x0, // (start header) length
 		0x30, 0x30, 0x11, 0x30, // request id