Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-4694

Do not rely on kms_request_append_payload() to calculate payload length

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Unknown Unknown
    • 1.24.3
    • None
    • Authentication
    • None

    Description

      Summary

      libmongoc and libmongocrypt have divergent KMS libraries (CDRIVER-4691). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (MONGOCRYPT-581). This breaks MONGODB-AWS authentication.

      Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.

      Environment

      Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.

      Attachments

        Activity

          People

            jmikola@mongodb.com Jeremy Mikola
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: