SERVER-24141

Default uninitialized fields in SSLParams leads to undefined behavior re certificate strength in ESE

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 3.3.8
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL
    • Platforms 15 (06/03/16)

      The SSLParams constructor does not initialize its bool fields:

      https://github.com/mongodb/mongo/blob/ea20ce71ee1151abc5bbe5ea60713a86d34a751a/src/mongo/util/net/ssl_options.h#L57-L64

      The KMIP integration in ESE creates an SSLParams object on the stack in getKeyFromKMIPServer. But it does not initialize the SSLParams::sslWeakCertificateValidation field, leaving its value indeterminate. Then, the KMIPService uses these parameters to construct its SSLManager object. As a result, it is indeterminate whether the encrypted storage engine will or will not allow weak certificates. This was found with the undefined behavior sanitizer (look for 'runtime error'):

      https://logkeeper.mongodb.org/build/572cf7809041304e1901cbde/test/572cf780be07c4295208ee89
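
      The pattern described above, next to a fail-closed form, as an added example (not MongoDB's code and not necessarily the fix that was committed). The struct names, `caFile`, `buildKmipParams` and `allowsWeakCertificates` are hypothetical; only `sslWeakCertificateValidation` comes from the report.

```cpp
// Added example, not MongoDB source. ParamsBefore/ParamsAfter, caFile,
// buildKmipParams and allowsWeakCertificates are hypothetical names.

// "Before" shape: a user-provided constructor that never touches the bool.
// Both `ParamsBefore p;` and `ParamsBefore p{};` run this constructor and
// nothing else, so the flag keeps whatever bytes were already on the stack.
// Reading it is undefined behavior; UBSan (-fsanitize=undefined, which
// includes -fsanitize=bool) reports a "runtime error" when the byte loaded
// is neither 0 nor 1.
struct ParamsBefore {
    ParamsBefore() {}
    const char* caFile;                 // indeterminate after construction
    bool sslWeakCertificateValidation;  // indeterminate after construction
};

// Hardened shape: default member initializers give every construction path
// the same fail-closed value, whether or not the caller sets the field.
struct ParamsAfter {
    const char* caFile = nullptr;
    bool sslWeakCertificateValidation = false;  // strict validation by default
};

// Caller modeled on the description: a stack object on which only the
// connection-related field is filled in before it is handed on.
ParamsAfter buildKmipParams(const char* caFile) {
    ParamsAfter p;      // default-initialization on the stack
    p.caFile = caFile;  // the weak-validation flag is never assigned
    return p;
}

// The decision the TLS layer later takes from the parameters.
bool allowsWeakCertificates(const ParamsAfter& p) {
    return p.sslWeakCertificateValidation;
}

// Regression guard: constant evaluation rejects a read of an uninitialized
// member, so this stops compiling if the initializer is ever removed.
constexpr bool defaultWeakFlag() {
    ParamsAfter p;
    return p.sslWeakCertificateValidation;
}
static_assert(!defaultWeakFlag(),
              "weak certificate validation must default to off");
```
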

            Assignee:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Reporter:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Votes:
            0
            Watchers:
            7