Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Unknown
Fix Version/s: 1.24.3
Affects Version/s: None
Component/s: Authentication
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

Summary

libmongoc and libmongocrypt have divergent KMS libraries (~~CDRIVER-4691~~). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (~~MONGOCRYPT-581~~). This breaks MONGODB-AWS authentication.

Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.

Environment

Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.

is depended on by

PHPC-1895 Add native support for AWS IAM Roles for service accounts, EKS in particular

Closed

is related to

CDRIVER-4691 Sync KMS sources with libmongocrypt

Closed

MONGOCRYPT-581 Allow passing negative len to kms_request_append_payload() for strlen() calculation

Closed

Assignee:: Jeremy Mikola
Reporter:: Jeremy Mikola
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jul 18 2023 01:01:26 PM UTC
Updated:: Oct 28 2023 11:27:47 AM UTC
Resolved:: Jul 25 2023 01:37:23 PM UTC
Confidence Status Last Update:: 18/Jul/23 1:07 PM

Details

Description

Summary

Environment

Attachments

Issue Links

Forms

Activity

People

Dates