  1. C Driver
  2. CDRIVER-3488

Use-after-free after popping a session from a client that has been reset

Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.16.0
    • 1.15.3
    • None
    • None

    Description

      Situation:

      • mongoc_client_reset is called on a mongoc_client_t
      • an operation is performed on the client that requires popping a session from the session pool. This would be most operations against a 3.6+ server.

      Since _mongoc_topology_clear_session_pool does not NULL out topology->session_pool, the next attempt to pop a session results in a use-after-free when accessing topology->session_pool.
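
The failure mode described above, as an added example that is not libmongoc's code: a simplified C model of a session free list in which every type and function name is hypothetical. pool_clear_buggy frees the nodes but leaves the head pointer stale, so the next pool_pop would read freed memory; pool_clear_fixed resets the head, and main exercises only the fixed path.

```c
#include <stdlib.h>

/* Simplified model of a pooled-session free list; names are hypothetical. */
typedef struct session { int id; struct session *next; } session_t;
typedef struct { session_t *session_pool; int next_id; } topology_t;

/* Return a session to the pool for reuse. */
void pool_push(topology_t *t, session_t *s) {
    if (!s) return;
    s->next = t->session_pool;
    t->session_pool = s;
}

/* Pop a pooled session, or allocate a fresh one when the pool is empty. */
session_t *pool_pop(topology_t *t) {
    session_t *s = t->session_pool;
    if (s) {
        t->session_pool = s->next; /* reads freed memory if head is stale */
    } else {
        s = malloc(sizeof *s);
        if (!s) return NULL;
        s->id = t->next_id++;
    }
    s->next = NULL;
    return s;
}

/* BEFORE: frees every node but leaves session_pool pointing at freed memory. */
void pool_clear_buggy(topology_t *t) {
    for (session_t *s = t->session_pool, *next; s; s = next) {
        next = s->next;
        free(s);
    }
}

/* AFTER: free the nodes, then reset the head so the pool reads as empty. */
void pool_clear_fixed(topology_t *t) {
    pool_clear_buggy(t);
    t->session_pool = NULL;
}

int main(void) {
    topology_t t = {NULL, 1};
    pool_push(&t, pool_pop(&t));  /* session 1 is returned to the pool */
    pool_clear_fixed(&t);         /* stands in for the reset step */
    session_t *s = pool_pop(&t);  /* empty pool: fresh session, id 2 */
    int ok = s && s->id == 2 && t.session_pool == NULL;
    free(s);
    return ok ? 0 : 1;
}
```

Building the model with -fsanitize=address and swapping pool_clear_buggy into main makes AddressSanitizer report the stale read inside pool_pop.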

          People

            kevin.albertson@mongodb.com Kevin Albertson