Merge branch 'main' into concatenate-namespace-declarations

Author: mikomikotaishi

Crypto/src/PKCS12Container.cpp

@@ -127,7 +127,7 @@ std::string PKCS12Container::extractFriendlyName(X509* pCert)
 	if(pCert)
 	{
 		int length = 0;
-		char* pBuffer = reinterpret_cast<char*>(X509_alias_get0(pCert, &length));
+		auto pBuffer = reinterpret_cast<const char*>(X509_alias_get0(pCert, &length));
 		if (pBuffer)
 		{
 			friendlyName.append(pBuffer, length);

Crypto/src/X509Certificate.cpp

@@ -208,7 +208,7 @@ void X509Certificate::save(const std::string& path) const
 }
 
 
-std::string _X509_NAME_oneline_utf8(X509_NAME *name)
+std::string _X509_NAME_oneline_utf8(const X509_NAME *name)
 {
 	BIO * bio_out = BIO_new(BIO_s_mem());
 	X509_NAME_print_ex(bio_out, name, 0, (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) & ~ASN1_STRFLGS_ESC_MSB);
@@ -246,7 +246,7 @@ std::string X509Certificate::commonName() const
 
 std::string X509Certificate::issuerName(NID nid) const
 {
-	if (X509_NAME* issuer = X509_get_issuer_name(_pCert))
+	if (auto issuer = X509_get_issuer_name(_pCert))
 	{
 		char buffer[NAME_BUFFER_SIZE];
 		if (X509_NAME_get_text_by_NID(issuer, nid, buffer, sizeof(buffer)) >= 0)
@@ -258,7 +258,7 @@ std::string X509Certificate::issuerName(NID nid) const
 
 std::string X509Certificate::subjectName(NID nid) const
 {
-	if (X509_NAME* subj = X509_get_subject_name(_pCert))
+	if (auto subj = X509_get_subject_name(_pCert))
 	{
 		char buffer[NAME_BUFFER_SIZE];
 		if (X509_NAME_get_text_by_NID(subj, nid, buffer, sizeof(buffer)) >= 0)
@@ -296,13 +296,14 @@ void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>&
 Poco::DateTime X509Certificate::validFrom() const
 {
 	const ASN1_TIME* certTime = X509_get0_notBefore(_pCert);
-	std::string dateTime(reinterpret_cast<char*>(certTime->data));
+	auto certTimeType = ASN1_STRING_type(certTime);
+	std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime));
 	int tzd;
-	if (certTime->type == V_ASN1_UTCTIME)
+	if (certTimeType == V_ASN1_UTCTIME)
 	{
 		return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
 	}
-	else if (certTime->type == V_ASN1_GENERALIZEDTIME)
+	else if (certTimeType == V_ASN1_GENERALIZEDTIME)
 	{
 		return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd);
 	}
@@ -316,13 +317,14 @@ Poco::DateTime X509Certificate::validFrom() const
 Poco::DateTime X509Certificate::expiresOn() const
 {
 	const ASN1_TIME* certTime = X509_get0_notAfter(_pCert);
-	std::string dateTime(reinterpret_cast<char*>(certTime->data));
+	auto certTimeType = ASN1_STRING_type(certTime);
+	std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime));
 	int tzd;
-	if (certTime->type == V_ASN1_UTCTIME)
+	if (certTimeType == V_ASN1_UTCTIME)
 	{
 		return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
 	}
-	else if (certTime->type == V_ASN1_GENERALIZEDTIME)
+	else if (certTimeType == V_ASN1_GENERALIZEDTIME)
 	{
 		return DateTimeParser::parse("%Y%m%d%H%M%S", dateTime, tzd);
 	}

MongoDB/include/Poco/MongoDB/BSONReader.h

@@ -20,6 +20,7 @@
 
 #include "Poco/MongoDB/MongoDB.h"
 #include "Poco/BinaryReader.h"
+#include "Poco/Exception.h"
 
 
 namespace Poco::MongoDB {
@@ -71,6 +72,8 @@ inline std::string BSONReader::readCString()
 		{
 			if (c == 0x00) return val;
 			else val += c;
+			if (val.size() > static_cast<std::size_t>(BSON_MAX_DOCUMENT_SIZE))
+				throw Poco::DataFormatException("BSON cstring exceeds maximum size");
 		}
 	}
 	return val;

MongoDB/include/Poco/MongoDB/Binary.h

@@ -153,13 +153,19 @@ inline void BSONReader::read<Binary::Ptr>(Binary::Ptr& to)
 	Poco::Int32 size;
 	_reader >> size;
 
+	if (size < 0)
+		throw Poco::DataFormatException("Invalid BSON binary size: " + std::to_string(size));
+	if (size > BSON_MAX_DOCUMENT_SIZE)
+		throw Poco::DataFormatException("BSON binary size exceeds maximum: " + std::to_string(size));
+
 	to->buffer().resize(size);
 
 	unsigned char subtype;
 	_reader >> subtype;
 	to->subtype(subtype);
 
-	_reader.readRaw(reinterpret_cast<char*>(to->buffer().begin()), size);
+	if (size > 0)
+		_reader.readRaw(reinterpret_cast<char*>(to->buffer().begin()), size);
 }
 
 

MongoDB/include/Poco/MongoDB/Connection.h

@@ -135,6 +135,13 @@ class MongoDB_API Connection
 	void connect(const Poco::Net::SocketAddress& addrs);
 		/// Connects to the given MongoDB server.
 
+	void connect(const Poco::Net::SocketAddress& addrs, const Poco::Timespan& connectTimeout, const Poco::Timespan& socketTimeout = 0);
+		/// Connects to the given MongoDB server with the specified connect timeout.
+		/// If connectTimeout is non-zero, the connection attempt will be aborted
+		/// after the specified time.
+		/// If socketTimeout is non-zero, the send and receive timeouts on the socket
+		/// will be set after a successful connection.
+
 	void connect(const Poco::Net::StreamSocket& socket);
 		/// Connects using an already connected socket.
 

MongoDB/include/Poco/MongoDB/Element.h

@@ -21,6 +21,7 @@
 #include "Poco/BinaryReader.h"
 #include "Poco/BinaryWriter.h"
 #include "Poco/DateTimeFormatter.h"
+#include "Poco/Exception.h"
 #include "Poco/MongoDB/BSONReader.h"
 #include "Poco/MongoDB/BSONWriter.h"
 #include "Poco/MongoDB/MongoDB.h"
@@ -187,6 +188,10 @@ inline void BSONReader::read<std::string>(std::string& to)
 {
 	Poco::Int32 size;
 	_reader >> size;
+	if (size < BSON_MIN_STRING_SIZE)
+		throw Poco::DataFormatException("Invalid BSON string size: " + std::to_string(size));
+	if (size > BSON_MAX_DOCUMENT_SIZE)
+		throw Poco::DataFormatException("BSON string size exceeds maximum: " + std::to_string(size));
 	_reader.readRaw(size, to);
 	to.erase(to.end() - 1); // remove terminating 0
 }

MongoDB/include/Poco/MongoDB/MessageHeader.h

@@ -110,7 +110,7 @@ inline Int32 MessageHeader::getMessageLength() const
 
 inline void MessageHeader::setMessageLength(Int32 length)
 {
-	poco_assert (_messageLength >= 0);
+	poco_assert (length >= 0);
 	_messageLength = MSG_HEADER_SIZE + length;
 }
 

MongoDB/include/Poco/MongoDB/MongoDB.h

@@ -51,6 +51,33 @@
 #endif
 
 
+// MongoDB wire protocol and BSON specification limits.
+// These constants are defined centrally so that all validation
+// code in the library uses the same values.
+
+namespace Poco {
+namespace MongoDB {
+
+/// Maximum BSON document size (16 MB) per MongoDB specification.
+/// Applies to documents, strings, binary data, and cstrings.
+static constexpr Poco::Int32 BSON_MAX_DOCUMENT_SIZE = 16 * 1024 * 1024;
+
+/// Minimum BSON document size (5 bytes): 4-byte size field + 1-byte null terminator.
+static constexpr Poco::Int32 BSON_MIN_DOCUMENT_SIZE = 5;
+
+/// Minimum BSON string size (1 byte for the null terminator).
+static constexpr Poco::Int32 BSON_MIN_STRING_SIZE = 1;
+
+/// Maximum OP_MSG message size (48 MB) per MongoDB specification.
+static constexpr Poco::Int32 OP_MSG_MAX_SIZE = 48 * 1024 * 1024;
+
+/// Default local threshold for "nearest" read preference (15 ms = 15000 µs).
+/// Servers within this threshold of the minimum RTT are eligible for selection.
+static constexpr Poco::Int64 DEFAULT_LOCAL_THRESHOLD_US = 15000;
+
+} } // namespace Poco::MongoDB
+
+
 //
 // Automatically link MongoDB library.
 //

MongoDB/include/Poco/MongoDB/ObjectId.h

@@ -91,12 +91,11 @@ class MongoDB_API ObjectId
 //
 inline Timestamp ObjectId::timestamp() const noexcept
 {
-	int time;
-	char* T = reinterpret_cast<char*>(&time);
-	T[0] = _id[3];
-	T[1] = _id[2];
-	T[2] = _id[1];
-	T[3] = _id[0];
+	const Poco::Int32 time =
+		(static_cast<Poco::Int32>(_id[0]) << 24) |
+		(static_cast<Poco::Int32>(_id[1]) << 16) |
+		(static_cast<Poco::Int32>(_id[2]) <<  8) |
+		 static_cast<Poco::Int32>(_id[3]);
 	return Timestamp::fromEpochTime(static_cast<time_t>(time));
 }
 

MongoDB/include/Poco/MongoDB/PoolableConnectionFactory.h

@@ -20,6 +20,7 @@
 
 #include "Poco/MongoDB/Connection.h"
 #include "Poco/ObjectPool.h"
+#include "Poco/Timespan.h"
 
 
 namespace Poco {
@@ -32,6 +33,9 @@ class PoolableObjectFactory<MongoDB::Connection, MongoDB::Connection::Ptr>
 	///
 	/// If a Connection::SocketFactory is given, it must live for the entire
 	/// lifetime of the PoolableObjectFactory.
+	///
+	/// It is strongly recommended to use one of the timeout-aware constructors
+	/// to avoid indefinite hangs when the server is unreachable.
 {
 public:
 	PoolableObjectFactory(Net::SocketAddress& address):
@@ -46,6 +50,22 @@ class PoolableObjectFactory<MongoDB::Connection, MongoDB::Connection::Ptr>
 	{
 	}
 
+	PoolableObjectFactory(Net::SocketAddress& address, Poco::Timespan connectTimeout, Poco::Timespan socketTimeout = 0):
+		_address(address),
+		_pSocketFactory(nullptr),
+		_connectTimeout(connectTimeout),
+		_socketTimeout(socketTimeout)
+	{
+	}
+
+	PoolableObjectFactory(const std::string& address, Poco::Timespan connectTimeout, Poco::Timespan socketTimeout = 0):
+		_address(address),
+		_pSocketFactory(nullptr),
+		_connectTimeout(connectTimeout),
+		_socketTimeout(socketTimeout)
+	{
+	}
+
 	PoolableObjectFactory(const std::string& uri, MongoDB::Connection::SocketFactory& socketFactory):
 		_uri(uri),
 		_pSocketFactory(&socketFactory)
@@ -55,9 +75,15 @@ class PoolableObjectFactory<MongoDB::Connection, MongoDB::Connection::Ptr>
 	MongoDB::Connection::Ptr createObject()
 	{
 		if (_pSocketFactory)
+		{
 			return new MongoDB::Connection(_uri, *_pSocketFactory);
+		}
 		else
-			return new MongoDB::Connection(_address);
+		{
+			MongoDB::Connection::Ptr conn = new MongoDB::Connection();
+			conn->connect(_address, _connectTimeout, _socketTimeout);
+			return conn;
+		}
 	}
 
 	bool validateObject(MongoDB::Connection::Ptr pObject)
@@ -80,7 +106,9 @@ class PoolableObjectFactory<MongoDB::Connection, MongoDB::Connection::Ptr>
 private:
 	Net::SocketAddress _address;
 	std::string _uri;
-	MongoDB::Connection::SocketFactory* _pSocketFactory;
+	MongoDB::Connection::SocketFactory* _pSocketFactory = nullptr;
+	Poco::Timespan _connectTimeout;
+	Poco::Timespan _socketTimeout;
 };