Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-19538

Segfault when calling dbexit in SSLManager with auditing enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.0.4
    • Fix Version/s: 3.0.6
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Quint Iteration 7

      Description

      The following sequence of events trigger the segfault.

      1. The mongod is started up.
      2. The auditing code is initialized.
      3. The SSLManager begins its initialization.
      4. It parses and validates the keyfile specified.
      5. The keyfile is expired or not yet valid, so dbexit() is called.
      6. The auditing code logs that the server is shutting down, but a segfault occurs because currentClient.get() is null.

      There are no dependencies between the initialization of the auditing code and the SSLManager, so an fassert occurs when the order of events (2) and (3) are reversed.

        Activity

        Hide
        max.hirschhorn Max Hirschhorn added a comment -

        Per discussion with Eric Milkie, we shouldn't call dbexit() in the SSLManager. Andy fixed this as part of his CurOp changes in SERVER-18515. Proposing to backport the changes that were made to ssl_manager.cpp to replace the call to dbexit() with an fassert, bypassing the auditing code.

        $ git show d5bf634 -- src/mongo/util/net/ssl_manager.cpp
        commit d5bf63455aa614d98ac840f09ce5ca6b813b9507
        Author: Andy Schwerin <schwerin@mongodb.com>
        Date:   Fri May 15 14:39:52 2015 -0400
         
            SERVER-18515 Replace OperationContext::getCurOp with CurOp::get(OperationContext*)
         
        diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
        index 652807e..d989d3b 100644
        --- a/src/mongo/util/net/ssl_manager.cpp
        +++ b/src/mongo/util/net/ssl_manager.cpp
        @@ -693,10 +693,9 @@ namespace mongo {
                         return false;
                     }
         
        -            if ((notBeforeMillis > curTimeMillis64()) ||
        -                (curTimeMillis64() > notAfterMillis)) {
        -                dbexit(EXIT_BADOPTIONS,
        -                       "The provided SSL certificate is expired or not yet valid.");
        +            if ((notBeforeMillis > curTimeMillis64()) || (curTimeMillis64() > notAfterMillis)) {
        +                severe() << "The provided SSL certificate is expired or not yet valid.";
        +                fassertFailedNoTrace(28652);
                     }
         
                     *serverCertificateExpirationDate = Date_t::fromMillisSinceEpoch(notAfterMillis);
        

        Show
        max.hirschhorn Max Hirschhorn added a comment - Per discussion with Eric Milkie , we shouldn't call dbexit() in the SSLManager . Andy fixed this as part of his CurOp changes in SERVER-18515 . Proposing to backport the changes that were made to ssl_manager.cpp to replace the call to dbexit() with an fassert, bypassing the auditing code. $ git show d5bf634 -- src/mongo/util/net/ssl_manager.cpp commit d5bf63455aa614d98ac840f09ce5ca6b813b9507 Author: Andy Schwerin <schwerin@mongodb.com> Date: Fri May 15 14:39:52 2015 -0400   SERVER-18515 Replace OperationContext::getCurOp with CurOp::get(OperationContext*)   diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index 652807e..d989d3b 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -693,10 +693,9 @@ namespace mongo { return false; } - if ((notBeforeMillis > curTimeMillis64()) || - (curTimeMillis64() > notAfterMillis)) { - dbexit(EXIT_BADOPTIONS, - "The provided SSL certificate is expired or not yet valid."); + if ((notBeforeMillis > curTimeMillis64()) || (curTimeMillis64() > notAfterMillis)) { + severe() << "The provided SSL certificate is expired or not yet valid."; + fassertFailedNoTrace(28652); } *serverCertificateExpirationDate = Date_t::fromMillisSinceEpoch(notAfterMillis);
        Hide
        xgen-internal-githook Githook User added a comment -

        Author:

        {u'username': u'visemet', u'name': u'Max Hirschhorn', u'email': u'max.hirschhorn@mongodb.com'}

        Message: SERVER-19538 fassert instead of calling dbexit() when cert is expired.
        Branch: v3.0
        https://github.com/mongodb/mongo/commit/b6cc64fab37049438a061e93946b0aa4a5b15686

        Show
        xgen-internal-githook Githook User added a comment - Author: {u'username': u'visemet', u'name': u'Max Hirschhorn', u'email': u'max.hirschhorn@mongodb.com'} Message: SERVER-19538 fassert instead of calling dbexit() when cert is expired. Branch: v3.0 https://github.com/mongodb/mongo/commit/b6cc64fab37049438a061e93946b0aa4a5b15686
        Hide
        xgen-internal-githook Githook User added a comment -

        Author:

        {u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'}

        Message: Revert "SERVER-19538 fassert instead of calling dbexit() when cert is expired."

        This reverts commit b6cc64fab37049438a061e93946b0aa4a5b15686.
        Branch: v3.0
        https://github.com/mongodb/mongo/commit/a466693f46fdd7a539dc99389a7258c9290ed3aa

        Show
        xgen-internal-githook Githook User added a comment - Author: {u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'} Message: Revert " SERVER-19538 fassert instead of calling dbexit() when cert is expired." This reverts commit b6cc64fab37049438a061e93946b0aa4a5b15686. Branch: v3.0 https://github.com/mongodb/mongo/commit/a466693f46fdd7a539dc99389a7258c9290ed3aa
        Hide
        xgen-internal-githook Githook User added a comment -

        Author:

        {u'name': u'Ramon Fernandez', u'email': u'ramon@mongodb.com'}

        Message: Revert "Revert "SERVER-19538 fassert instead of calling dbexit() when cert is expired.""

        This reverts commit a466693f46fdd7a539dc99389a7258c9290ed3aa.
        Branch: v3.0
        https://github.com/mongodb/mongo/commit/92311d920534326975178dd98fac4183960ee077

        Show
        xgen-internal-githook Githook User added a comment - Author: {u'name': u'Ramon Fernandez', u'email': u'ramon@mongodb.com'} Message: Revert "Revert " SERVER-19538 fassert instead of calling dbexit() when cert is expired."" This reverts commit a466693f46fdd7a539dc99389a7258c9290ed3aa. Branch: v3.0 https://github.com/mongodb/mongo/commit/92311d920534326975178dd98fac4183960ee077

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

                Agile