[SERVER-25455] Use-after-free in DBClientConnection when handling application name metadata - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.11
Component/s: Internal Client
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Platforms 18 (08/05/16)
Linked BF Score:
0

Description

The DBClientConnection::_applicationName field holds an owned string that represents the currently set value of the 'application' metadata field. In some code paths, a StringData that views that owned string is passed to a function which uses the StringData to re-write the _applicationName. That is fine, however, the code then continues to use the passed in StringData, which now refers to freed memory.

Attachments

Activity

People

Assignee:: Andrew Morrow

Reporter:: Andrew Morrow

Participants:: Andrew Morrow, Githook User

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Aug 05 2016 03:36:41 PM UTC

Updated:: Aug 13 2016 12:07:05 AM UTC

Resolved:: Aug 05 2016 10:25:44 PM UTC