Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12110

Potential buffer overflow in SSLManager::password_cb() due to strcpy()

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.5.5
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
    • Fully Compatible
    • ALL

      First reported here: https://github.com/mongodb/mongo/pull/157

      SSLManager::password_cb() is now in ssl_manager.cpp:

      https://github.com/mongodb/mongo/blame/master/src/mongo/util/net/ssl_manager.cpp#L441-L446

          int SSLManager::password_cb(char *buf,int num, int rwflag,void *userdata) {
        SSLManager* sm = static_cast<SSLManager*>(userdata);
        std::string pass = sm->_password;
        strcpy(buf,pass.c_str());
        return(pass.size());
    }

      strcpy() bad!

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            matt.kangas Matt Kangas
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: