RUBY-662 prevent ObjectId initialization with bad data

TylerBrock · TylerBrock · commit 3f8b97f57980 · 2013-08-19T16:25:00.000-04:00
diff --git a/lib/bson/types/object_id.rb b/lib/bson/types/object_id.rb
@@ -41,6 +41,9 @@ class ObjectId
     #   the remaining bytes will consist of the standard machine id, pid, and counter. If
     #   you need a zeroed timestamp, used ObjectId.from_time.
     def initialize(data=nil, time=nil)
+      if data && (!data.is_a?(Array) || data.size != 12)
+        raise InvalidObjectId, 'ObjectId requires 12 byte array'
+      end
       @data = data || generate(time)
     end
 
diff --git a/test/bson/object_id_test.rb b/test/bson/object_id_test.rb
@@ -26,12 +26,18 @@ def test_hashcode
   end
 
   def test_array_uniq_for_equilavent_ids
-    a = ObjectId.new('123')
-    b = ObjectId.new('123')
+    a = ObjectId.new('123456789101'.unpack('C*'))
+    b = ObjectId.new('123456789101'.unpack('C*'))
     assert_equal a, b
     assert_equal 1, [a, b].uniq.size
   end
 
+  def test_initialization_with_bad_data
+    assert_raise InvalidObjectId do
+      ObjectId.new('\xff')
+    end
+  end
+
   def test_create_pk_method
     doc = {:name => 'Mongo'}
     doc = ObjectId.create_pk(doc)
