Do not rely on kms_request_append_payload() to calculate payload length

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Unknown
    • 1.24.3
    • Affects Version/s: None
    • Component/s: Authentication
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Summary

      libmongoc and libmongocrypt have divergent KMS libraries (CDRIVER-4691). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (MONGOCRYPT-581). This breaks MONGODB-AWS authentication.

      Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.

      Environment

      Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.

              Assignee:
              Jeremy Mikola
              Reporter:
              Jeremy Mikola
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: